
Exclusive: Tassie hospitality group confirms CMD Organization ransomware attack

A new hacking group targets Devonport-based Goodstone Group, compromising employee passports in the attack.

Fri, 15 May 2026
A newly emerged ransomware group calling itself CMD Organization has listed the Tasmanian hospitality provider, the Goodstone Group, as a hacking victim on its dark web leak site.

The hackers have not shared the amount of data stolen, but have published several documents as evidence of the hack, including employee passport scans, a confidentiality agreement, and bank reconciliation details from one of the group’s hotels.

The data is currently on sale to the highest bidder, with an asking price at the time of publication of 9 BTC, or approximately $1 million.

The Goodstone Group is aware of the claims and has confirmed it is in the process of responding to the incident.

“On 18 April 2026, The Goodstone Group began responding to a cyber security incident,” a Goodstone Group spokesperson told Cyber Daily.

“We immediately took steps to contain the incident, engaged external cyber security experts and notified the Australian Cyber Security Centre and Tasmanian government. We found evidence that cyber criminals removed some data from our network.”

“We are aware that cyber criminals are claiming to have stolen some data from The Goodstone Group. We apologise for the concern this news may cause.”

The Goodstone Group said its investigation into the incident is ongoing, and determining the extent of the impacted data is a priority.

“As the investigation progresses, we will contact impacted parties directly as required to provide support and guidance,” the spokesperson said.

“Although there is nothing our community needs to do at this time, we remain available to you via email at [email protected].

“The Goodstone Group would like to thank our community for their patience during this time.”

Who is CMD Organization?

CMD Organization posted details of its first victim on 2 May, and has claimed a total of eight victims, including the Goodstone Group, which is its first Australian victim.

Like many similar groups, the hackers consider themselves a legitimate organisation.

“CMD is a new kind of company that specialises in corporate system security and in identifying vulnerabilities across all aspects of the software used by a company. CMD operates on a global scale recognising the critical importance of timeliness and confidentiality,” the group said on its leak site.

“Our mission is to create a secure online environment where every company is safely protected and immune to user data breaches.”

According to cyber security firm Beazley Security, CMD Organization operations began in March, and its tradecraft suggests a “potentially well-networked operator but with limited operational maturity, possibly leveraging initial access brokers (IABs) and limited original tooling”.

One of the group’s unique tactics is allowing anyone to bid on stolen data offered on its website, potentially driving up the price for victims to secure their data.

“If CMD Organization can shift part of the traditional ransom and extortion process away from private negotiations to public bidding opportunities, selling exclusive access to stolen data could increase the price according to the given demand of an actor,” Beazley Security said in a 14 May blog post.

“Locking the sale to a single buyer could empower the winner with exclusive access to the stolen data, giving time to sift through and operationalise credentials, identities, customer records, or other sensitive information before it is circulated to competing threat actors.”

Who is the Goodstone Group?

The Goodstone Group operates several hotels, restaurants, bars, and bottleshops in Devonport and the surrounding areas in northern Tasmania.

According to the company’s website, the group employs “over 350 Tasmanians in nine hotel properties, five stand-alone bottleshops and a nightclub property”.


David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
