LockBit ransomware gang claims hack on Queensland-based Q Automotive Group

Hackers claim to have customer and internal data totalling more than 50 gigabytes.

David Hollingworth
Wed, 29 Nov 2023

The LockBit ransomware gang has allegedly claimed another Australian scalp, this time posting a swathe of data it claims belongs to a Queensland-based automotive franchise.

The Q Automotive Group has a number of dealerships across Queensland, offering both new and used cars, as well as finance, insurance, and parts and services.

The entry on LockBit’s leak site was first uploaded on 21 November, with a subsequent post adding the apparently exfiltrated data on 28 November after a 25 November ransom deadline passed. Included are links to either download or torrent a nearly 50-gigabyte compressed archive, as well as a file tree of every document included in the data breach.


The data appears to include payroll information for each of Q Automotive’s 12 dealerships, lease agreements, and redundancy payouts, as well as training details and motor sales licenses for many of the company’s employees. According to LinkedIn, Q Automotive employs between 200 and 500 personnel.

Also included is a folder of data related to COVID-19, with weekly wage reviews and JobKeeper details.

The payroll data also includes staff performance management notices, a number of driver’s licenses, and termination notices of dozens of ex-employees, as well as “consent to disclose information” forms.

Aside from payroll information, the data also includes CRM information such as daily follow-up reminders, sales logs, and user folders for the company’s staff with CTP green slips and registration paperwork. Service quotes, invoices, and crash assistance forms are also included.

The earliest documents appear to date back to 2012, while the latest date to September 2023.

All up, the file list appears to have more than 91,000 lines of data, each relating to a separate file or document.

When contacted by Cyber Daily regarding the incident, a member of Q Automotive’s IT team declined to comment.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
