Benedict

Summary

Benedict, an Australian landscaping and recycling firm, suffered a ransomware attack by the INC Ransom group, which listed the company on its darknet leak site on 9 October 2025. The attackers claimed to have stolen 270 gigabytes of company data and published the entirety of the exfiltrated information on the same day. The compromised data primarily consisted of employee information including HR files, payroll data, user backups, Salesforce files, and detailed workplace incident reports.

What Happened

On 9 October 2025, the INC Ransom ransomware group listed Benedict as one of four organisations on its darknet leak site and published the complete 270 gigabytes of stolen data on the same day. The attackers likely gained initial access through spear phishing tactics, consistent with INC Ransom's known methods. Benedict's investigation identified that a subset of personal information was accessed and taken, primarily relating to employee data including HR files, payroll records, extensive user data backups, Salesforce files, and detailed workplace incident reports.

Impact on Individuals

The breach primarily affected Benedict employees whose personal and employment information was compromised. The stolen data included HR files, payroll data, and detailed workplace incident reports. Benedict also identified a small group of further affected individuals beyond employees. The company commenced notifications to all impacted parties.

Organisational Response

Upon becoming aware of unusual activity on their system, Benedict immediately engaged external cyber security experts, contained the incident, and commenced an urgent investigation. The company notified affected employees and a small group of additional impacted individuals. Benedict also reported the incident to the Office of the Australian Information Commissioner as required under the Notifiable Data Breaches scheme.