8Base ransomware gang claims attack on Australian RSL group
Learn More
The Castle Hill RSL Group (CHRG), now known as CHRG, has been reported as a target of the 8Base ransomware gang, which publicly claimed responsibility for an attack that occurred in February, 2024. CHRG operates several clubs, including the Castle Hill RSL, Club Parramatta, Castle Hill Fitness & Aquatic Centre, Lynwood Country Club, and Lynwood Golf Club.
CHRG discovered a "cyber incident" on 17 February 2024, which led to immediate actions to contain the threat and engage cybersecurity experts for investigation and response.
Despite the ransomware gang's claims, CHRG has reassured its members and the public that critical systems such as sign-in credentials, the membership database, and point-of-sale systems appear to be unaffected based on ongoing forensic investigations.
The organization emphasized that while it does collect membership data to facilitate services and club benefits, and by law, checks photo IDs of guests, these details are not stored in the membership database. CHRG encourages members to remain vigilant and has committed to reaching out to any individuals impacted by the incident, providing an email address for members to express specific concerns.
Exposed data types: (Based on 8Base's claim, since CHRG's investigations are ongoing and haven't confirmed data exposure)
- Invoices
- Receipts
- Accounting documents
- Personal data
- Confidential information
Specific details about the extent of data access or the number of affected individuals have not been disclosed by CHRG. The organization continues to work diligently to investigate the incident and mitigate any potential impacts.
The incident has been reported to the Australian Cyber Security Centre, and CHRG is cooperating with regulators, including the Office of the Australian Information Commissioner.
CHRG's efforts to handle the situation transparently and its commitment to identifying any potential access to personal information are ongoing, recognizing the complexity of cyber security incidents and the importance of maintaining the security and privacy of member information.
