cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

ZircoDATA falls victim to Black Basta ransomware attack

Passports belonging to ZircoDATA executives and US private equity fund Housatonic Partners leaked on the dark web, alongside Australian ImmiCard numbers and more.

user icon David Hollingworth
Thu, 29 Feb 2024
ZircoDATA falls victim to Black Basta ransomware attack
expand image

The Black Basta ransomware gang has added Australian data management firm ZircoDATA to its list of victims.

Black Basta posted details of the hack on 22 February, claiming to have 395 gigabytes of data, including financial documents, personal user folders, and confidentiality agreements. The ransom deadline at the time was 1 March.

ZircoDATA is aware of the claim and is taking the incident seriously.


“We are aware that our company has been named on a dark web page in relation to a cyber incident,” a ZircoDATA spokesperson told Cyber Daily. “We are working with cyber security experts to investigate the situation with urgency, and we are committed to providing any relevant updates to our employees, customers, and stakeholders if required.”

“At this stage, our investigation to date has not identified evidence to suggest that personal information relating to customers has been impacted.

“We have contacted law enforcement, and we have notified the Office of the Australian Information Commissioner.”

In the meantime, Black Basta has posted a large number of documents to prove the validity of the hack, mostly passport scans – some valid, some expired – and immigration documents, including Australian migration status cards, complete with ImmiCard numbers.

There are at least 46 passport scans and 12 immigration cards, as well as various other identity documents. The passports and other documents are from a wide range of countries, including Australia, the US, Peru, Iran, Italy, and more.

Two passports belong to current or ex-members of ZircoDATA’s C-suite, while three more belong to partners at US equity firm Housatonic Partners, which is a majority shareholder in ZircoDATA. Most of the passports and other personal documents do not appear to belong to ZircoDATA employees.

Also included in the leaked data is a document relating to legal translation firm Barnes, Thompson & Brown, which is part of ZircoDATA’s Xine Communication business – one of Australia’s largest translation services. Black Basta also shared a screenshot of a file directory that includes several folders named ZircoDATA in one form or another.

ZircoDATA’s main business is information management, data storage, document shredding and scanning, document translation, and information governance – including data breach reporting. According to ZircoDATA’s website, the company has 9,000 customers and 18 record centres across Australia.

“We are committed to protecting the information of all our valued customers, employees and stakeholders,” ZircoDATA’s spokesperson said.

“We understand this incident may have caused inconvenience or distress, and we want to assure you we are working to resolve it.”

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.