Meli, a Victorian-based not-for-profit community support organization, has confirmed a significant cyber attack after the Qilin ransomware group listed it on their darknet leak site. The attack, which reportedly took place on August 21, 2024, has led to the theft of 419,617 files totaling 215 gigabytes. The stolen data includes sensitive documents such as financial statements, confidentiality agreements, and personal identification materials like passports and Medicare cards. Meli’s announcement follows the release of 14 screenshots by the ransomware gang, which were used to verify the stolen data.
In response to the breach, Meli stated that it has taken immediate steps to secure its systems and is working with forensic specialists to investigate the extent of the damage. While the attack has not impacted client services, some internal processes have been disrupted, leading to temporary shifts to manual or paper-based operations. The organization emphasized that maintaining client support remains its top priority as it continues to address the situation.
Meli has reported the incident to Victoria Police, the Australian Cyber Security Centre (ACSC), and other relevant government agencies. The organization is actively working with these authorities to manage the fallout and protect affected individuals. An updated statement from Meli acknowledges that evidence of the stolen data has been published by unauthorized third parties, and the organization is taking precautionary measures to mitigate any potential risks.
This cyber attack highlights the growing threat of ransomware to not-for-profit organizations and underscores the importance of robust cybersecurity measures. Meli, which was formed in 2023 through the merger of several community support services, remains committed to supporting its clients and the broader community despite the challenges posed by this incident. The organization’s response reflects its dedication to transparency and integrity while it continues its investigation and works to enhance its cybersecurity defenses.
Reference:
