Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
HR files, payroll data, and more have allegedly been compromised by a 270-gigabyte data breach impacting a recycling and landscaping resources firm.
The INC Ransom ransomware group has listed Australian landscaping and recycling firm Benedict on its darknet leak site and claims to have stolen 270 gigabytes of company data.
Benedict was one of four organisations listed by the hackers on 9 October, with the entirety of the exfiltrated data published on the same day.
The data includes extensive backups of user data that appear to be legitimate, alongside human resources information, Salesforce files, and detailed workplace incident reports. Workers’ compensation data is also present in the leak, alongside payroll data and details of employees’ child support deductions.
No ransom demand was listed by the hackers, nor any other commentary on the hack.
Benedict told Cyber Daily it was aware of the hackers' claims and is actively investigating.
"We recently experienced a cyber incident when an unauthorised third party accessed part of our system. As soon as we became aware of unusual activity on our system, we took immediate action to engage external experts, contain the incident and commence an urgent investigation," a company spokesperson told Cyber Daily.
"Unfortunately, our ongoing investigation identified that a subset of personal information was accessed and taken, which primarily related to employee data. We are also aware that some information has been published on the ‘dark web’ by the unauthorised third party, and we are urgently investigating this."
Benedict said it has notified employees impacted by the incident, and is notifying a "small group of further affected individuals". Benedict is providing support to those impacted by the hack, and has notified the Office of the Australian Information Commissioner
"We take the privacy of customer and staff information very seriously and we sincerely apologise for any concern this incident may have caused."
INC Ransom was first observed in August 2023 and has been quite busy since then, claiming at least 499 victims since that date.
The gang is known for using spear phishing tactics, which it employs to gain initial access, and for using double-extortion techniques to pressure its victims. INC Ransom both encrypts the data it steals and then threatens to publish that data online if a ransom payment is not received.
The group mostly targets entities in Europe and North America, but it has also targeted a significant number of Australian organisations. Its most recent Australian victims were Terry Ringland Chartered Accountants and South East Country Vets, which were both listed on 17 July this year.
Benedict is headquartered in Belrose, NSW, and touts itself as one of the “largest producers and resellers of quarried, recycled and landscape products” in the state. The Benedict Industries Group consists of Benedict Sand & Gravel, Benedict Sands, Appin Sands, Cowra Quartz, and Benedict Recycling.
The company has approximately 100 employees and operates locations around NSW.
UPDATED 14/10/25 to add company commentary.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
