Yakult Australia reports cyber attack and data leak

Yakult Australia reports a a cyber incident which affected its IT systems in both Australia and New Zealand, leading to a data leak. The breach occurred in mid-December, posing major challenges during a busy time of year. Yakult Australia is the Australian division of Yakult, a multinational company known for producing and selling probiotic dairy products, most famously the Yakult fermented milk drink.

DragonForce, the suspected threat actor behind the incident, reportedly compromised over 95GB of Yakult's data.

The data leak includes sensitive information such as

• company database,
• contracts,
• passports, 
• other data.

Yakult's Australia director, David Whatley, acknowledged the incident on December 15 but stated that the full extent of the breach was still under investigation with the help of cybersecurity experts.

DragonForce threatened to publish the leaked data on its dark web site on December 20 and apparently it contains

• business documents,
• spreadsheets,
• credit applications from Yakult Australia,
• employee records,
• identity documents like passports.

No details are disclosed about the nature of the attack or number of affected individuals.

Yakult has been responding to the incident with ongoing investigations and has notified relevant cybersecurity and privacy authorities in both Australia and New Zealand. Although Yakult was contacted for further information regarding the leak, an immediate response was not available.