Security Alert, Blog

Seasons Darling Harbour Financial Data Published On Darknet

Seasons Darling Harbour Financial Data Published On Darknet

LockBit 3.0, the notorious ransomware group, continues its spree of data leaks, this time exposing information from a compromised system associated with Seasons Darling Harbour, which is part of the Seasons Apartment Hotel Group.

The situation unfolded with the company receiving a ransom demand and an apparent deadline to pay by September 2nd. Subsequently, the data was published shortly after this deadline passed.

However, although LockBit identifies the victim as Seasons Darling Harbour on its leak site, the data appears to encompass documents related to the operations of all four Seasons properties: Seasons Heritage Melbourne and Seasons Botanical Gardens in Melbourne, Seasons of Perth, and Seasons Darling Harbour in Sydney.

In addition to these properties, the posted data includes materials from Seasons Harbour Plaza in Sydney and documents from Seasons International Management in Perth.

While a significant portion of the leaked data pertains to financial matters, such as various accounts and invoices, there is limited customer information included. For instance, one invoice addressed to Travelscape – a subsidiary of Expedia – seems to list several customers and the durations of their stays.

Fortunately, it seems that no customer credit card details are part of the leak, and there is no substantial amount of personally identifiable information exposed. However, the banking details of certain Seasons Harbour Plaza staff members, dating back to 2016, are included in the leak.

Nevertheless, the leaked information extends beyond the hotel’s internal records. It contains numerous invoices from Season’s third-party suppliers, complete with company letterheads, account details, and points of contact. Cash flow data and other information, along with a small amount of CCTV footage, are also among the exposed content. The documents in the leak span from as early as 2011 to the most recent in 2023.

LockBit has been particularly active in targeting Australian organisations, previously being responsible for data leaks involving Pareto Phone, a telemarketing company collaborating with various Australian charities. Data from organisations like the Fred Hollows Foundation and Legacy Australia was also published by LockBit in August.

The ransomware group has expanded its operations internationally as well, with notable victims including Taiwan’s TSMC operation and security firm DarkTrace.