Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
An IT outage at Metricon Homes has been confirmed as a cyber attack, as the Qilin ransomware gang posts employee details to the dark web.
The Qilin ransomware operation has listed Victoria-based Metricon Homes as a victim on its darknet leak site and is claiming to have stolen 128 gigabytes of data from the popular home builder.
“As part of our operations, we have acquired access to highly sensitive data, including confidential financial documents, proprietary architectural plans, and internal marketing strategies,” a Qilin affiliate said in a 21 July leak post.
“The disclosure of this information could cause significant harm to the company, as it contains materials that may offer competitors a substantial strategic advantage and weaken Metricon’s position in the market.”
According to the hackers, the exfiltrated data consists of more than 98,000 files, with several screenshots and documents already posted to the dark web as proof of the hack. The data includes details of company credits and the employees who hold them, credit card receipts, finance and HR information, profit and loss statements, and details of staff salaries and commission rates.
The hackers have said the data will be fully published within seven days.
Metricon Homes’ website recently had a notification that it was experiencing an IT issue, but it has now confirmed it is “responding to a cyber incident that temporarily impacted access to its internal systems and networks”.
“This issue was swiftly contained with the support of external experts. Metricon can confirm that there has been no impact to the safety of our operations, and construction activity has continued without interruption,” a Metricon Homes spokesperson told Cyber Daily.
“Metricon are now aware that an unknown third party has named the company online and disclosed a small amount of data they claim was taken from our IT environment without authorisation. We are currently investigating these claims as a priority.”
The company is continuing to investigate the incident and the scope of the data compromised and has committed to notifying impacted individuals directly. Metricon’s internal systems are back in operation, and payments to suppliers and tradespeople are continuing as normal.
“We have notified the Australian Cyber Security Centre (ACSC), the Office of the Australian Information Commissioner (OAIC), and law enforcement authorities. We have also updated our staff, suppliers and trades throughout this process. Our response efforts remain focused on system security, transparency, and supporting those impacted by this incident,” the spokesperson said.
Metricon CEO Brad Duggan added his own statement to the company’s response.
“We take this incident extremely seriously and are working with independent experts to understand exactly what occurred,” Duggan said.
“Our customers, team and partners expect us to protect their data, and we are committed to managing this incident with care, speed and openness.”
The Qilin ransomware-as-a-service operation was first observed in August 2022 and has claimed 625 victims since, making it the third-most active ransomware group as of publishing. Its most recent Australian victim was financial services firm Skeggs Goldstien, which fell victim to an affiliate of the group in June.
Metricon Homes is considered the largest home builder in Australia, and it provides property services in NSW, Victoria, Queensland, and South Australia.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
