Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Threat actors have successfully launched a cyber attack on a Tasmanian aged care and disability not-for-profit, claiming to have stolen client and staff data.
CBS Tasmania is a not-for-profit organisation that works to provide aged care and disability services and promotes independent living. The company supplies home disability support, social activities and more, tailoring them to the individual.
CBS was listed on the dark web leak site of the Lynx ransomware gang earlier this month, posting proof of the data incident on 10 October.
While the company did not publicly set a ransom amount, or a date of full publication, the sample Lynx posted contains documents including an employee detail form, an organisation detail form with the Tasmanian Department of Health, a tax invoice, and a photo of a “Working With Vulnerable People” ID.
These samples together expose personal details like name, ID data, residential addresses, business contact and location data, account data, financial information and more.
Responding to Cyber Daily’s request for comment, CBS Tasmania confirmed the incident.
“Community Based Support Ltd (CBS) recently experienced a cyber incident,” the company said.
“As soon as we became aware, we immediately engaged leading cyber experts to provide advice.
“This incident has been contained. The incident had no impact on our operations, and we are continuing to provide services to our clients as usual. During the investigation, we determined that a subset of data was likely copied from our systems.
“We urgently reviewed the data involved and have identified that the data primarily relates to CBS staff and a very limited number of clients. We have commenced notification of impacted individuals to provide further information and advice on steps they can take to minimise risks.
“We sincerely apologise for any concern this incident may have caused.”
Lynx claimed its first victim in July 2024 and has over 300 victims to date, according to Ransomware.live.
In a “press release” published on the gang’s leak site in July 2024, Lynx said its “clear intention” is to avoid “undue harm” to the companies it targets.
“We recognise the importance of ethical considerations in the pursuit of financial gain and maintain a strict policy against targeting governmental institutions, hospitals, or non-profit organisations, as these sectors play vital roles in society,” Lynx said.
“Our operational model encourages dialogue and resolution rather than chaos and destruction. We believe that fostering an environment where businesses can engage in constructive problem-solving can lead to better outcomes for all parties involved.”
While not yet listed, an anonymous source has informed Cyber Daily that the group also recently launched a ransomware attack against VETtrak, a student management system owned by ReadyTech that’s based in the Docklands of Melbourne, Victoria.
Be the first to hear the latest developments in the cyber industry.
