Thursday, November 21, 2024

Exclusive: New Zealand’s Elite Fitness confirms DragonForce ransomware attack

Must read

Exclusive: New Zealand’s Elite Fitness confirms DragonForce ransomware attack

Fitness equipment supplier says customer and employee details breached as hackers post data to the darkweb.

New Zealand fitness and gym equipment supplier Elite Fitness has confirmed it was the victim of a ransomware attack and that employee and customer data has been impacted.

The admission comes days after the DragonForce ransomware gang first made the claim on its darkweb leak site on July 2, saying it had 5.31 gigabytes of the company’s data.

The actual attack was detected last month, however.

“Elite Fitness detected unusual activity from an unauthorised third party on one of its systems on the night of Wednesday 26th June,” an Elite Fitness spokesperson told Cyber Daily.

“Our incident response team have determined that it was a sophisticated cyber-attack which led to a data leak of 5GB of data by an international cyber gang, DragonForce. Following the review of exfiltrated data over the past few days, Elite’s cyber incident response team believes that the information leaked unfortunately affects a small list of customers and some staff.

“All affected have been contacted. Other information leaked relates to its business operations including product user guides, creditors invoices and general documents,” the spokesperson said.

Elite said it has notified New Zealand’s Computer Emergency Response Team as well as the relevant government agencies. The company’s response is ongoing, and its website is currently offline.

DragonForce published the data overnight, posting just shy of 10,000 files on its leak site. The data features a large number of invoices and receipts, banking and credit card statements, and other business documents. However, the data also includes scans of several passports, credit cards, and driver’s licences, as well as immigration documents and finance applications.

DragonForce has had an active start to the month, having already posted seven victims to its leak site. The gang was responsible for recently hacking New Zealand online horse racing platform EvoEvents in June, and Australian immigration consultancy the Aussizz Group in May.


David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

Latest article