Brown and Hurley

Summary

The Lynx ransomware gang claimed to have stolen approximately 170 gigabytes of data from Brown and Hurley, a Queensland-based truck dealership. The attackers published the company on their darknet leak site and claimed the stolen data included human resources documents, business contracts, customer information, and financial records.

What Happened

The attack is estimated to have occurred on 22 January 2025, with the breach discovered on 12 February 2025 when Brown and Hurley was listed on Lynx's darknet leak site. The ransomware group claimed to have exfiltrated 170 gigabytes of sensitive business data and posted partial data on the darknet to pressure the company into compliance. The incident was part of a broader trend of ransomware attacks targeting the automotive industry in early 2025.

Impact on Individuals

The breach potentially affects customers and employees of Brown and Hurley, with the attackers claiming to have stolen customer information and human resources documents. The full extent of individuals affected has not been publicly disclosed.

Organisational Response

Brown and Hurley has not made public statements regarding the incident. The attack represents one of three Australian companies targeted by Lynx in early 2025, as the ransomware group continues its campaign that began in July 2024 and has since claimed over 136 victims globally.