Wendy Wu Tours
Summary
The KillSec ransomware group claimed to have hacked Sydney-based tour agency Wendy Wu Tours in March 2025, threatening to publish stolen customer data within seven days. Sample data released by the attackers included scans of valid passports from Australian, British, and German residents, alongside passenger pre-travel forms containing personal and travel information.
What Happened
On 4 March 2025, KillSec listed Wendy Wu Tours on its darknet leak site and provided sample stolen data as evidence. The samples included nine scans of valid passports belonging to residents of Australia, the United Kingdom, and Germany, as well as passenger pre-travel forms listing names, residential and email addresses, emergency contact details, and frequent flyer numbers. The ransomware group provided payment instructions but did not specify a ransom amount, offering options for the company to pay for data deletion or for individuals to purchase the data.
Impact on Individuals
The breach exposed sensitive travel documents and personal information of Wendy Wu Tours customers, including passport scans and detailed travel records. The number of affected individuals has not been publicly disclosed.
Organisational Response
Simon Bell, managing director at Wendy Wu Tours Australia, stated that the company was investigating and reviewing the claim, was taking the matter seriously, and would provide updates as appropriate. This incident was part of KillSec's broader campaign targeting Australian organisations; all previous Australian victims had their data published after refusing to pay ransoms.