Medusa ransomware group stole about 800GB of data from Australia's Compass Group
Australian contract food and support services provider Compass Group has admitted to suffering a data security incident after the infamous Medusa ransomware group said it infiltrated the company’s systems and stole more than 780 gigabytes of confidential data.
Recently, the Medusa ransomware group claimed responsibility for a cyber attack on Compass and listed the group as a victim on its data leak site. The group claims to be in possession of 785.5 gigabytes of confidential data stolen from the company and has threatened to leak the same unless its ransom demands aren’t met by September 26.
Medusa has reportedly demanded a ransom of S$2 million to delete the data or sell it to interested buyers. It has also given Compass Group the option of extending the deadline by paying US$100,000 each day.
🚨🚨🚨Cyberattack Alert ‼️
— HackManac (@H4ckManac) September 17, 2024
🇦🇺Australia - Compass Group (Australian subsidiary), Medusa Demands $2,000,000
Medusa ransomware group claims to have breached the Australian subsidiary of Compass Group.
Compass Group is a British multinational contract foodservice company… pic.twitter.com/Bq9V5pnjQF
The group also shared several samples of the stolen data that included wage declarations belonging to Compass Group employees, scans of international passports and driver’s licences and various other internal documents.
Acknowledging the ransomware group’s claims, Compass Group said in a security incident notice published on its website that it has been investigating the data security incident since early September.
“The investigation is ongoing, and we are continuing to work closely with leading global cybersecurity experts, specialist legal counsel and regulatory authorities.
“Our security measures detected unauthorised activity on a server recently brought back online. In line with our security protocols, we disabled that system and contained the threat.
“Our priority is to ensure the ongoing security and stability of our systems and to provide support to those individuals whose high-risk information has been impacted.
“Importantly, we have progressed the forensic analysis of the data that we know has been impacted and have begun notifying people directly in instances where high-risk data has been accessed,” the group said.
The company has notified the Australian Cyber Security Centre and the Office of the Australian Information Commissioner and is working with them to resolve the issue at the earliest.
Most Viewed
New rules, rising threats: why lean IT teams must rethink cyber-securitySponsored by CORO CYBER SECURITY
Don’t allow AI experiments to become quiet business risksSponsored by alice.io
The Expert View: Reducing cyber-risk across OT and critical infrastructureSponsored by Claroty
The Expert View: Transforming security through risk intelligenceSponsored by Obrela
Winston House, 3rd Floor, Units 306-309, 2-4 Dollis Park, London, N3 1HF
23-29 Hendon Lane, London, N3 1RT
020 8349 4363
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543