Ransomware Gang Steals Employee and Customer Data From LJ Hooker

A ransomware gang claims to have stolen 375 gigabytes worth of employee and customer data from a franchise of the Australian real estate giant, LJ Hooker, including passport scans, credit card details, and loans data.

On November 30, LJ Hooker was added to the victim list of Russia-linked ransomware gang, ALPHV, also known as “BlackCat”, in a blog post on the dark web previewing some of the data stolen in the breach. 

So far, the group has published passport details of staff members, seen by VICE, along with login details to a throng of social media accounts, a couple of profit and loss statements, and a property sale contract. 

In the blog post, the group claimed to have even more “internal company data”, that might include “employees personal data”, such as their “ID’s”, and that of their clients, including “financial data” and “credit card information”.

VICE was able to independently verify parts of the preview, which is related to one LJ Hooker office, located in New South Wales.

A spokesperson for LJ Hooker confirmed in a statement to VICE that at least one of its offices had fallen victim to a data breach. She said the company is currently taking steps to protect the data of its customers from another breach, and has “notified the relevant government cyber and data bodies.” LJ Hooker is still working to get a hold on the scope of the breach.

ALPHV was first known to Australian authorities in late 2021 as a “ransomware-as-a-service” program linked to “Russian-speaking cybercrime actors”. In 2022, the group is considered by authorities to pose an “increased” threat to the Australian “government” and “critical infrastructure” organisations. 

The collective is broadly understood to be one of the groups that was behind last year’s breach of the largest fuel pipeline in the United States, Colonial Pipeline, which supplies about 45 percent of the gasoline consumed on the east coast. 

The hack left just under 10,000 gas stations without gas and led to a wave of panic-buying before Colonial eventually caved to the group and paid a ransom of 75 Bitcoin, which was worth about $US5 million at the time. 

In Australia, LJ Hooker has become the third major company to fall victim to a large-scale data breach in the last three months. 

Optus came first, when it was reported on September 22 that the telecommunications behemoth had been hit by a cyber attack impacting the data of up to 9.8 million Australians. It would later become the biggest hack in Australian history.

Medibank fell victim to a similar attack shortly after, when it was reported on October 13 that the personal details of about 3.9 million Australians had been compromised. 

The patient records of more than 1,500 people were posted to the dark web over the course of November, before the hackers posted another 5GB data dump last week, announcing the “case closed”.

Follow John on Twitter.

Read more from VICE Australia and subscribe to our weekly newsletter, This Week Online.