Iconic probiotic company Yakult Australia has been hit by a significant cyber attack that has seen its company records and sensitive employee documents, such as passports, published on the dark web.
Key points:
- A sample of the files leaked, analysed by the ABC, reveal company data dating back to 2001
- Yakult Australia has confirmed it was impacted by a “cyber incident”, and says all its offices in Australia and New Zealand are still operating
- The ABC understands the attack is a ransomware attack — a type of cybercrime where hackers attempt to extort money from a company
Yakult Australia confirmed its Australian and New Zealand IT systems were impacted by a “cyber incident”.
In a statement on its website, it said it was “working with cyber incident experts to investigate the extent of the incident”.
“All our offices in Australia and New Zealand remain open and continue to operate,” the statement read.
The company, which is based in Dandenong in Melbourne, declined to comment further, but ABC Investigations understands it is the victim of a ransomware attack — a type of cybercrime where hackers attempt to extort money from a company and will publish stolen files if it is not paid.
The group that has claimed responsibility for the breach is DragonForce, a threat actor which has listed nearly two dozen targets since the beginning of December that had “refused to cooperate”.
Its targets range from a Texas-based family charity, to commercial entities including Coca-Cola in Singapore and a South Australian-based bathroom manufacturer.
In all instances, the group has published a cache of files of each of its victims.
These cybercriminals do not appear to be directly related to DragonForce Malaysia, a hacktivist group which has been targeting Israeli government agencies.
Copies of employee passports, drivers licences released by hackers
A sample of the 95 gigabytes of data leaked, analysed by ABC Investigations, found company records dating back to 2001.
The cache included sensitive employee information including scans of passports and drivers licences, pre-employment medical assessments and certificates, salaries, and performance reviews.
ABC Investigations has been able to determine at least one of the passport scans belongs to a warehouse employee. The ABC has also seen Japanese passports, where Yakult’s parent company is based, in the leaked cache.
A separate database also contains the names and addresses of nearly 9,000 people. It is unclear if these are customer records, but the ABC has been able to verify the accuracy of at least some of the names and addresses.
Yakult Australia had become aware of the cyber attack on December 15.
Five days later, DragonForce listed the probiotic company as one of its victims before publishing the stolen cache on Christmas Day morning.
ABC Investigations has not independently verified each of DragonForce’s published leaks.
The Australian Cyber Security Centre has been contacted for comment.