In a major blow to the renowned probiotic company, Yakult Australia has fallen victim to a significant cyber attack, leaving its company records and sensitive employee documents, including passports, exposed on the dark web.
The iconic Australian brand, with a strong presence in Melbourne, confirmed the intrusion, citing a "cyber incident" affecting its IT systems in both Australia and New Zealand.
Yakult Australia Begins Investigation
Notorious ransomware gang DragonForce hit Yakult Australia in its latest operation. Reports say that the group leaked sensitive data of employees on the dark web.
As reported by ABC, Yakult Australia has initiated an investigation, collaborating with cybersecurity experts to assess the full extent of the breach. While details are scarce, the company acknowledged the severity of the situation and is actively working to contain the fallout.
"All our offices in Australia and New Zealand remain open and continue to operate," the statement read.
The group claiming responsibility for this breach is DragonForce, a formidable threat actor that has been targeting organizations since December.
According to the authorities, the cybercriminal entity resorts to ransomware attacks, coercing entities into payment under the threat of exposing sensitive files. Notably, DragonForce has previously targeted diverse entities, from a Texas-based charity to global corporations like Coca-Cola.
Just a few days ago, it also targeted the Ohio Lottery system. The cyberattack rendered mobile and prize cashing inaccessible temporarily.
Related Article: Russian Ransomware Group BlackCat Seized by US: Decryption Tool Distributed to Over 500 Victims
DragonForce Ransomware Gang Leaked 96GB of Data
Examining a portion of the leaked 95 gigabytes of data, ABC Investigations uncovered a trove of company records dating back to 2001.
Furthermore, the exposed cache includes an array of sensitive employee details, such as passport scans, driver's licenses, pre-employment assessments, salary information, and performance reviews.
Intriguingly, a database within the cache contains names and addresses, leaving questions about whether these are customer records.
Yakult Australia Was Aware About the Attack
Yakult Australia became aware of the cyber attack on Dec. 15. Subsequently, DragonForce listed the company as one of its victims just five days later, with the stolen cache making its way to the dark web on Christmas Day morning.
As the fallout unfolds, the company's response to this cyber incident becomes crucial.
With cybersecurity at the forefront of organizational challenges, the incident highlights the need for businesses to strengthen their digital defenses in an era where cyber threats continue to evolve.
Ransomware attacks keep on pouring as New Year approaches. Authorities are always urging the public to be on the lookout for some suspicious activities online.
As usual, hackers are always desperate to steal the precious data of users in exchange for instant money. It's always important to take even the basic precautionary measures when it comes to cybersecurity.
