In a notable cyber assault, Yakult Australia, a prominent probiotic company, has fallen victim to a substantial data breach, leading to the exposure of sensitive corporate information and employee documents on the dark web. The attack disrupted the company’s IT systems in both Australia and New Zealand, triggering an investigation supported by cyber incident specialists. Despite the breach, Yakult Australia’s operations persist, showcasing the company’s resilience in the face of adversity.
DragonForce Claims Responsibility
The cyber attack is suspected to be a ransomware incident, with the infamous hacker group DragonForce claiming responsibility. The group has threatened to release stolen files unless a ransom is paid, illustrating its indiscriminate approach to cybercrime by targeting various organizations, including charities and commercial enterprises, since the beginning of December.
Extent of the Data Leak
The leaked data from Yakult includes a wide range of sensitive information, such as employee passports, driver’s licenses, medical evaluations, certificates, salaries, and performance appraisals. Japanese passports among the compromised files highlight the company’s ties to its parent company in Japan. Additionally, a database containing nearly 9,000 names and addresses was discovered, raising concerns about potential customer record compromise. This extensive data leak underscores the comprehensive nature of the breach and the potential for far-reaching impacts on both employees and customers.
Ongoing Investigation
Yakult Australia became aware of the cyber attack on December 15, with DragonForce releasing the stolen data on Christmas Day, strategically maximizing disruption during the holiday period. ABC Investigations has not verified the authenticity of all DragonForce’s leaks, and the Australian Cyber Security Centre is expected to provide a statement. As the investigation continues, Yakult Australia, alongside cyber incident experts, will diligently assess and mitigate the impact of this significant breach.