Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Hackers are threatening to publish more than 100 gigabytes of customer and human resources data within days.
The INC Ransom ransomware operation has listed popular Australian fashion outlet Oxford as a victim on its darknet leak site.
The hackers claimed responsibility for the hack in an initial 1 December leak post that shared very little detail about the alleged incident, other than some basic information about the alleged victim.
Groups like INC Ransom often use business summaries from market intelligence sites to summarise their victims, and in this case, the description of Oxford comes from ZoomInfo and includes a brief description of the victim’s business, its revenue, employee count, and industry.
However, a day later, on 2 December, INC Ransom shared more details of the hack.
According to this update, the hackers claim to have exfiltrated 111 gigabytes of data, which allegedly includes contracts, financial documents, and customer and HR data.
A countdown on the leak post suggests further data will be published on approximately 6 December.
Oxford has not responded to Cyber Daily’s request for comment on the incident.
INC Ransom appears to have a particular affinity for Australian organisations, with at least eight local entities listed on its leak site in 2025 alone.
The gang was first observed in August 2023 and has claimed 572 victims since then. INC Ransom’s last Australian victim was construction contractor Facade Innovations, which the gang claimed to have attacked in November.
The gang is known for using spear phishing tactics, which it employs to gain initial access, and for using double-extortion techniques to pressure its victims. INC Ransom both encrypts the data it steals and then threatens to publish that data online if a ransom payment is not received.
Ransomware actors have listed more than 100 Australian organisations as victims in 2025 alone.
Oxford is a popular retailer of men’s and women’s fashion and accessories, with 24 stores in Sydney, Melbourne, and Adelaide.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
