iscover
Share this article on:
The personal details of thousands of individuals and more than a dozen local councils have leaked onto the dark web following a LockBit ransomware attack.
Infamous ransomware operator LockBit has struck again, this time targeting an Australian call centre operator.
LockBit appears to have made its attack on OracleCMS, which operates call centres across Australia, on 4 April before posting about the incident on its leak site on 12 April.
The gang did not editorialise on the attack but did publish several sample documents, including billing and financial details. LockBit also did not declare the ransom demand, only giving a deadline of 16 April before the entire dataset was published.
That deadline passed, and true to its word, LockBit has now published more than 60 gigabytes of data in a single compressed archive. The gang is also hosting the individual files on its leak site, and the data includes a large number of documents regarding OracleCMS’ clients.
In a folder labelled “Clients”, there are more than 50 folders for organisations, ranging from local councils to aged-care services. More than a dozen local councils are on the list, including Campbelltown Council, Tweed Shire Council, and Dandenong City Council.
Another half dozen folders contain files regarding the City of Sydney and five other local government entities – the cities of Kwinana, Moreton Bay, Playford, Busselton, and Marion.
Other OracleCMS clients listed in the leak include several law firms, a popular real estate agent, and the Queensland branch of the Philadelphia Church of God.
The client data ranges from on-call mobile numbers for various clients, all the way to detailed Excel spreadsheets with thousands of lines of data covering everything from, for instance, the location and metre IDs of every parking metre in the City of Sydney to a list of more than 2,000 people – including names and addresses – who subscribe to the Philadelphia Church of God’s Key of David program.
Generally speaking, much of the data is simply phone numbers and work emails of OracleCMS’ clients – pretty mundane stuff – but other data includes details of phone calls reporting issues to aged-care providers, including illnesses and domestic violence incidents. This data does not appear to be personally identifiable, but it is distressing content to see published on the dark net nonetheless.
Also included are client contracts, confidentiality agreements, and other internal OracleCMS documents.
OracleCMS has so far declined to comment on the incident, and Cyber Daily has reached out to the Philadelphia Church of God, as well as several other impacted clients.
The City of Sydney, however, is aware of the incident.
“OracleCMS is contracted to provide after-hours and overflow contact centre support for the City of Sydney,” a City of Sydney spokesperson told Cyber Daily.
“We are working with OracleCMS to investigate an incident that impacted them and, if necessary, enhance the protection of our information held by them.
“At this stage, we understand that no City of Sydney systems were breached in this incident.”
According to OracleCMS’ website, the company operates call centres in Adelaide, Perth, Brisbane, Melbourne, and Sydney.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
