The personal details of thousands of individuals and data held by a number of public institutions have been posted online after a call centre operator was hacked by an infamous ransomware gang.
Lockbit is often described as the world’s most harmful cybercrime outfit, and has quickly bounced back from attempts by global authorities to shut them down.
The organisation has now targeted OracleCMS, which operates call centres for a number of clients across Sydney, Melbourne, Brisbane, Perth and Adelaide.
OracleCMS provides customer management solutions to a range of clients in Australia.
OracleCMS appears to have been hit by a Lockbit attack earlier this month, with the organisation posting about the hack and publishing a number of sample documents it had obtained onto its own site on 12 April, as Cyber Daily reported.
While Lockbit did not make any public ransom demands, it listed a deadline of 16 April as the date it would publish the full trove of data that had been stolen.
As the deadline passed, the hackers proceeded to dump 60GB of data to the dark web, including the personal details of thousands of Australians and data held by numerous local organisations.
Included in the data dump was a folder labelled “clients” which contained data belonging to six local government entities including the City of Sydney, several law firms, a real estate agency and the Queensland branch of the Philadelphia Church of God.
A spokesperson for the City of Sydney confirmed the cyber incident against OracleCMS.
“OracleCMS is contracted to provide after-hours and overflow contact centre support for the City of Sydney,” the spokesperson said in a statement to Cyber Daily.
“We are working with OracleCMS to investigate an incident that impacted them and, if necessary, enhance the protection of our information held by them.
“At this stage, we understand that no City of Sydney systems were breached in this incident.”
Some of the information caught up in the breach included the on-call mobile numbers of various OracleCMS clients, an Excel spreadsheet with the location and metre ID of all the parking metres in Sydney, and the names and addresses of 2,000 people subscribed to the Philadelphia Church of God’s Key of David program.
The data is mostly made up of phone numbers of work emails of OracleCMS clients, although an aged care centre has also been caught up.
The data breached from this centre includes details of phone calls discussing illnesses and domestic violence incidents.
These calls are understood to not be personally identifiable.
Confidentiality agreements and contracts between OracleCMS and its clients have also been published on the dark web.
Infamous ransomware gang
Lockbit is widely regarded as one of the biggest ransomware operators in the world, and was responsible for nearly 20 per cent of all reported Australian ransomware attacks from 1 April 2022 to 31 March 2023.
The organisation is known to target hospitals, schools, businesses and government entities.
In February this year an international police operation shut down Lockbit’s servers.
But just days later the Lockbit website resurfaced along with a message downplaying the police bust.
In March a “cyber terrorist” associated with Lockbit was sentenced to four years in prison. The administration-level member of Lockbit was sentenced in a Canadian court, and was also ordered to pay nearly $US1 million in restitution to his victims.
