Clutch Industries

Summary

Australian automotive manufacturer Clutch Industries confirmed a cyber incident in January 2025 after the Lynx ransomware group listed the company on its darknet leak site. The attackers claimed to have exfiltrated 350 gigabytes of data including business records, employee information, and financial details.

What Happened

On 19 January 2025, the Lynx ransomware gang listed Clutch Industries as a victim on their darknet platform, claiming to have stolen 350 gigabytes of data. The published data reportedly includes shared user folders, purchasing and stock data, engineering information, and sales and marketing records. Initial assessments suggest limited personal data was involved in the breach.

Impact on Individuals

Based on available information, the breach primarily affected business and operational data rather than personal information. The company has not disclosed whether customer or employee personal data was compromised.

Organisational Response

Clutch Industries acknowledged the incident after becoming aware of its listing on the ransomware gang's leak site. The company notified the Australian Cyber Security Centre and stated it has upgraded its security measures to prevent further incidents. An investigation into the full extent of the breach is ongoing.