Menzies Group is one of Australia’s largest privately owned cleaning companies, with over 2,200 employees and an annual turnover of almost $82 million. Operating since 1969, the company provides services to firms in regional areas as well as major cities.
The company was listed on the dark web leak site of the Qilin ransomware gang last week; however, the threat actor provided no information regarding the nature of the hack or the data they claim to have exfiltrated.
In response to Cyber Daily’s request for comment, Menzies Group confirmed the incident, saying that it came as a result of a third-party IT service provider the group has worked with for a long time.
“We have been responding to a cyber incident involving unauthorised third-party access to a limited part of our network, which occurred through an IT service provider with whom we have partnered for a number of years,” a Menzies Group spokesperson told Cyber Daily.
“As soon as we became aware of the incident, we immediately took steps to prevent any further access to our network and engaged external cyber security experts to assist in our response. They launched an immediate investigation to understand the nature and scope of the incident, and any impact to personal data.
“We have notified the Office of the Australian Information Commissioner (OAIC) and the Australian Cyber Security Centre (ACSC).”
Regarding Qilin’s claims of data exfiltration, the company said it was currently investigating the matter and that it would update its stakeholders as soon as it had information.
“We have now been made aware of claims made online regarding information allegedly associated with our organisation. Our cyber security experts are working urgently to assess the nature and scope of these claims,” the spokesperson said.
“We understand the importance people place on the security of their personal information, so we are treating this matter with the utmost importance. These investigations are complex and take time to complete with accuracy, especially given the incident occurred within the environment of a third-party IT service provider. However, we will continue to update all our stakeholders if we have any relevant and accurate information to share.”
Who is Qilin?
Qilin was first observed in August 2022 and has claimed 1,844 victims since. It has been one of the most – if not the most – active ransomware groups of 2026.
Like other ransomware-as-a-service (RaaS) operations, Qilin offers its ransomware to affiliates in return for a cut of any ransom profits. Cyber security training company SANS has noted that the group is highly active on certain hacking forums.
“Qilin is advertised on the exclusive Russian-speaking forum RAMP (short for Ransom Anon Market Place [sic]), where acquiring an account can cost up to $500 in BTC,” SANS said in an October 2025 blog post.
However, for all of its activity, many of the group’s leak posts remain entirely unconfirmed, with neither evidence of the hack nor any data published months later. Some observers have questioned Qilin’s ransomware chops, suggesting the group is more practised at finding open databases online and then extorting the victim; however, in many cases, the leaked data is real and eventually publicly shared.
Want to see more stories from trusted news sources?Make Cyber Daily a preferred news source on Google.
