Elite Fitness, a supplier of fitness and gym equipment in New Zealand, has confirmed a ransomware attack that compromised employee and customer data.
In an interview with Cyber Daily, Elite Fitness confirmed that the DragonForce ransomware group claimed responsibility for the attack on its dark web leak site on July 2, stating it had acquired 5.31 gigabytes of the company’s data.
The incident was detected last month.
An Elite Fitness spokesperson told Cyber Daily that the company detected unusual activity from an unauthorised third party on one of its systems on June 26.
“Our incident response team have determined that it was a sophisticated cyberattack, which led to a data leak of 5GB of data by an international cyber gang, DragonForce. Following the review of exfiltrated data over the past few days, Elite’s cyber incident response team believes that the information leaked unfortunately affects a small list of customers and some staff,” the spokesperson said. “All affected have been contacted. Other information leaked relates to its business operations, including product user guides, creditors invoices, and general documents.”
Elite Fitness said it has notified New Zealand’s Computer Emergency Response Team and relevant government agencies. Its response efforts are ongoing, and its website is currently offline.
According to Cyber Daily, DragonForce released the data overnight, posting nearly 10,000 files on its leak site. The data includes a substantial number of invoices, receipts, banking and credit card statements, and other business documents. Additionally, it features scans of several passports, credit cards, driver’s licenses, immigration documents, and finance applications.
During the same month, ticket sales giant Ticketmaster and Auckland retailer Smith & Caughey’s confirmed major cybersecurity breaches that could have impacted customers in New Zealand.
The hacker group ShinyHunters claimed to be responsible for the Ticketmaster system breach, allegedly obtaining data on around 560 million customers worldwide, including names, addresses, partial credit card data, phone numbers, and purchase history.
Meanwhile, the hacker group LockBit claimed to have accessed Smith & Caughey’s financial, HR, accounting, management, and IT department data.
Amid the rise of cyberattacks in New Zealand, a recent study by a data protection and data management software company highlighted significant gaps in cyber recovery among Australian and New Zealand organisations.
