Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Financial services aggregate 3P Corporation denies April data breach; however, more than 200 gigabytes of internal documents and customer data have been published online by hackers.
The Space Bears ransomware gang listed Victorian financial services firm 3P Corporation as a victim on its darknet leak site in early April and has since published data that it claims to have stolen in the course of the attack.
The hackers made the claim in a 10 April post, listing some information about its alleged victim alongside claims relating to the nature of the stolen data, which includes a database, financial documents, and “personal information of employees and clients”.
A ransom deadline of around 18 April was listed at the time, and since then, the hackers have published a 213.3 gigabyte compressed archive to a popular clear web file hosting site. According to the file’s properties, this has been downloaded 196 times.
A spokesperson for 3P has said they are aware of the claims and confirmed that the incident took place on 7 April.
“There was an attempted ransomware attack on our servers. However, our investigations found that our systems picked up on the attack before any data could be compromised,” 3P’s spokesperson told Cyber Daily on 30 May.
“As 3P Corporation Ltd is a holding company, it does not hold any direct client data. We have since conducted a review of our systems with the aim to further strengthen our controls.”
The incident and a report of 3P’s investigations have been provided to the Australian Signals Directorate’s Australian Cyber Security Centre, and 3P’s spokesperson said that “staff were informed and any potential clients were made aware” of the incident.
However, the information published by Space Bears includes hundreds of Authority to Deduct Funds forms relating to tax returns, complete with full bank details and customer signatures, trust account statements, and remittance advice, all on 3P letterhead and in a folder labelled 3P Accounting & Tax Trust Account.
Employee pay slips are included in the leak, as well as internal document templates and files relating to more than 4,500 business service clients, including correspondence, tax returns, and signed deeds. One document holds more than 2,700 tax file numbers.
Cyber Daily has only made a brief assay of the full data set, which includes a total of 30 folders of company data.
Space Bears is another relatively new group, first appearing in April 2024. The gang is thought to be based in Russia and has since then claimed 71 victims. Its most recent Australian victim was NSW charity Christian Community Aid, which fell victim to Space Bears’ depredations in January 2025.
3P describes itself as a “boutique financial services aggregate in the heart of Melbourne’s finance district”. It was founded in 2013 by author and TV personality Peter Ziggy and provides accounting and tax services, financial planning and legal advice, and human resources services.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
