Like a jack-in-the-box, the LockBit ransomware operation keeps popping up, reminding cyber watchers that – despite several takedowns – it is still capable of a little low-key cyber crime.
Now, also like a jack-in-the-box, it’s keeping company with another popular toy: teddy bears.
And not just any teddy bear. The hacking group has listed popular children’s toy outlet Charlie Bears as a victim on its darknet leak site, where it has claimed a breach of the company’s network.
The toy store was added to the group’s leak site alongside five other new victims on 15 March, with a publication deadline of 29 March. That deadline has passed, and LockBit has subsequently published the alleged breach.
The data appears to be legitimate and includes employee contact information, staff training documents and timesheets, and inventories and stock levels.
Sadly, the passports of several bears also appear to have been compromised (seriously, this is not an April Fools’ joke – Charlie Bears provides novelty passports with its bears). LockBit has published the data in a 22.9-gigabyte archive.
Charlie Bears did not respond to a request for comment from Cyber Daily.
Who is LockBit?
LockBit – or at least the LockBit brand – is now technically LockBit5.0. It’s been the target of numerous law enforcement efforts, particularly website takedowns.
For a time, the group was the most active – and dangerous – ransomware operation in existence, but the takedowns took a toll, and for a time, the hackers were more well known for rehashing old leaks as fresh breaches.
In its current incarnation, the group operates under a ransomware-as-a-service model, hiring out its services to affiliates for a cut of any ransom profits.
While the group was operating as LockBit3.0, it racked up more than 2,000 victims around the globe, including many Australian organisations. Under the LockBit5.0 moniker, the group claims to have hacked 203 victims.
LockBit’s most recent Australian victim was the Aeromedical Society of Australasia, which was listed by the hackers on 11 February.
Who is Charlie Bears?
Charlie Bears has outlets in the United States, the United Kingdom, and Australia. This breach, however, appears to impact only the Australian operation.
Charlie Bears creates unique bear designs each year, complete with backstories – it has crafted 2,500 designs since the store began retailing in 2005.
The company operates dozens of stores in Australia and New Zealand. Toys in the current 2026 range include an elephant called Bubbles, a bear called Bilbo, and a haggis called Daddy McDoodle.
Want to see more stories from trusted news sources?Make Cyber Daily a preferred news source on Google.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.