Cyber Incident Victim: Clutch Industries
Date:
Jan 2025
Location:
Australia
Summary
An Australian auto parts manufacturer experienced a cyber incident involving the Lynx ransomware gang, which claimed theft of 350 gigabytes of internal operational data, including employee information, financial records, engineering specifications, and sales materials. The company acknowledged the breach and initiated an investigation to verify impacted information, emphasizing that primarily non-sensitive corporate data was involved while pledging to notify stakeholders if personal details were compromised. Security enhancements were implemented, and authorities were notified. The attackers employed double extortion tactics, threatening data publication unless payment was received. Lynx, a relatively new ransomware group, has targeted over 100 entities globally, including other Australian businesses.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Clutch Industries, an Australian auto parts manufacturer based in Coburg North, Victoria, became aware of a cyber incident after the Lynx ransomware gang listed the company on its darknet leak site on 19 January 2025. The gang claimed to have exfiltrated 350 gigabytes of data, including user and business data, employee information, financial details, and unspecified data from shared drives and personal folders. Clutch Industries publicly confirmed the incident days later, stating it was working to verify the scope and nature of the compromised information. Initial findings suggested the impacted data primarily involved internal company and operational records, with limited evidence of personal or sensitive data exposure at that stage. The company engaged with the Australian Cyber Security Centre and implemented security upgrades to prevent further breaches. A spokesperson acknowledged potential stakeholder concerns but emphasized efforts to resolve the situation promptly while adhering to regulatory obligations regarding potential data breach notifications.
Published data samples indicated the theft encompassed shared user folders, purchasing and stock records, engineering specifications, and sales and marketing materials. Lynx, a ransomware operation active since July 2024 with 113 claimed victims prior to Clutch Industries, employed double extortion tactics by encrypting victim systems and threatening data publication unless ransoms were paid. The group’s previous Australian target, Novati Constructions, had been listed on 13 January 2025. Clutch Industries operates distribution centers across Melbourne, Sydney, Perth, Brisbane, New Zealand, the UK, and the US, though the incident’s operational disruption impact remained unspecified. The company maintained its investigation priority was confirming data exposure details, particularly regarding personal information, while reinforcing cybersecurity defenses post-incident. No ransom payment or data publication timeline was disclosed by either party.