This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

Regis Resources

Summary

Regis Resources, an ASX-listed gold producer, confirmed a cyber intrusion that was detected in mid-November 2025 after automated security systems isolated affected infrastructure. On 5 January 2026, the Lynx ransomware group listed Regis Resources' subsidiary McPhillamys Gold on its dark web leak site, claiming to have exfiltrated company data. Regis Resources disputes this, stating a forensic investigation found no data was exported.

What Happened

In mid-November 2025, Regis Resources detected an intrusion attempt on its IT systems. Automated security safeguards triggered immediately, temporarily shutting down and restricting access to affected systems to contain the incident. The company engaged external cybersecurity experts to investigate.

On 5 January 2026, the Lynx ransomware group publicly listed Regis Resources' subsidiary McPhillamys Gold on its dark web leak site. Lynx is a financially motivated ransomware group that emerged in mid-2024 and has claimed approximately 400 victims globally. The group employs double extortion tactics — exfiltrating data before deploying ransomware, then threatening to publish stolen information to pressure victims into paying a ransom.

Regis Resources stated it has found no evidence a ransom demand was made, and that a forensic investigation concluded no data was actually exported from its systems. The company attributed the listing to the threat actor attempting to create the appearance of a successful breach.

Impact on Individuals

The Lynx group published the names and job titles of senior Regis Resources executives on its dark web listing. The company maintains no broader data exfiltration occurred.

Regis Resources states the incident had no operational or commercial impact. No customer, employee, or contractor personal information has been confirmed as compromised. If the company's forensic findings are accurate, the risk to affected individuals is limited.

However, individuals associated with Regis Resources — particularly those whose roles were published — should:

  • Be alert for targeted phishing or social engineering using publicly available corporate information
  • Monitor for any unsolicited contact that references their role or employer
  • Contact the company if they receive suspicious communications

Organisational Response

Upon detecting the intrusion, Regis Resources' automated security systems immediately isolated affected infrastructure. The company notified relevant authorities and engaged external cybersecurity specialists to conduct a forensic investigation.

The investigation concluded there was no data export and no ransom demand was received. Regis Resources has stated that operational systems and gold production were unaffected throughout the incident.

Verification Source: View original statement