Metricon Homes

Summary

Metricon Homes, Australia's largest home builder operating in New South Wales, Victoria, Queensland, and South Australia, suffered a ransomware attack on 21 July 2025. The Qilin ransomware gang infiltrated the company's IT systems and claimed to have stolen 128 gigabytes of data including confidential financial documents, architectural plans, employee details, credit card receipts, and staff salary information. Construction operations continued without interruption.

What Happened

On 21 July 2025, the Qilin ransomware operation successfully infiltrated Metricon Homes' IT systems. The breach was discovered on 24 July 2025, and Qilin subsequently listed Metricon on its darknet leak site, claiming to have exfiltrated 128 gigabytes of data. The stolen information included confidential financial documents, proprietary architectural plans, internal marketing strategies, company credits and employee details, credit card receipts, finance and HR information, profit and loss statements, and staff salary and commission rate details.

Impact on Individuals

The breach exposed sensitive employee information including personal details, salary information, and commission rates. Customers potentially had credit card receipt data compromised. Despite the data theft, Metricon confirmed that construction operations and safety protocols continued without interruption, minimising operational impact on customers and staff.

Organisational Response

Upon discovery on 24 July 2025, Metricon Homes notified the Australian Cyber Security Centre (ACSC), the Office of the Australian Information Commissioner (OAIC), and law enforcement authorities. The company confirmed that the ransomware attack had no impact on operational safety and that construction activity continued without disruption. Metricon commenced an investigation into the scope and nature of the compromised data.