Sydney-based Compass Group has confirmed a significant ransomware attack conducted by the Medusa gang, a notorious group known for its high-profile cyber extortion campaigns. The attack, revealed when Medusa listed Compass Group on its darknet leak site, involved the theft of approximately 785.5 gigabytes of data. This stolen data includes sensitive documents such as wage declarations, international passports, and driver’s licenses. The ransomware group has demanded a $2 million ransom for the deletion of the stolen data, with an option to extend the ransom deadline by one day for an additional $100,000.
The breach was first detected on September 4, 2024, prompting Compass Group to initiate its incident response plan immediately. In response to the attack, the company engaged third-party forensic experts to investigate the breach and proactively disabled the affected systems to mitigate further damage. Despite these efforts, some data was compromised. Compass Group is currently working with experts to assess the full impact of the breach and determine exactly what information was accessed.
In the aftermath of the attack, Compass Group has taken several steps to manage the situation. The company has notified its employees, clients, and suppliers about the breach and is providing guidance on how to handle potential concerns related to the exposure of personal information. Additionally, Compass Group has reported the incident to the Australian Cyber Security Centre and the Office of the Australian Information Commissioner, who are assisting with the investigation and response.
As Australia’s largest food and support services provider, Compass Group plays a vital role in sectors such as education, mining, defense, and healthcare. The breach has significant implications for the company’s operations and its stakeholders. Compass Group has issued an apology for the distress caused by the incident and is focused on enhancing its cybersecurity measures to prevent future attacks. The company’s response includes ongoing communication with affected parties and efforts to bolster data protection strategies to safeguard against similar threats in the future.
