Cyber Incident Victim: Federal Group
Date:
Apr 2021
Location:
Australia
Summary
A ransomware attack targeted Tasmania's sole casino operator, disrupting electronic gaming machines and hotel booking systems across multiple venues for an extended period. The incident involved file encryption and a cryptocurrency ransom demand, prompting engagement with the Australian Cyber Security Centre and external experts to contain the breach. Former IT personnel raised concerns about potential compromise of historic credit card data stored in hospitality systems alongside gaming infrastructure. The prolonged outage caused substantial financial losses given the operator's significant monthly poker machine revenue. While law enforcement acknowledged the incident, no formal investigation was initiated, and the company did not confirm whether it reported a notifiable data breach to privacy authorities. Cybersecurity experts highlighted casinos as prime targets for such attacks due to their financial nature and legacy systems.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
A ransomware attack impacted Federal Group's casino and hospitality operations in Tasmania, first detected on April 3, 2021, when electronic gaming machines (pokies) and hotel booking systems became inoperative across multiple properties. The attack affected Wrest Point Casino, Country Club Casino, Saffire Freycinet, MACq 01, and the Henry Jones Art Hotel, disrupting core revenue-generating activities and guest services. Federal Group executive director Daniel Hanna confirmed the incident involved ransomware after sustained questioning from the ABC, though the company did not disclose initial detection methods or specific attacker identifiers. Union representatives reported staff had observed ransom messages demanding cryptocurrency payments, consistent with typical ransomware operations that encrypt files until payment is received.
The outage persisted for over a week, with Federal Group engaging external cybersecurity experts and notifying the Australian Cyber Security Centre (ACSC), which coordinated law enforcement involvement and forensic analysis. Despite containment efforts, the company declined to provide restoration timelines for affected systems. Former IT employees raised concerns that historic credit card data in hotel booking systems and electronic gaming infrastructure may have been compromised, though Federal Group did not confirm whether it reported a notifiable data breach to the Office of the Australian Information Commissioner as required under the Privacy Act. Financial impacts were substantial, with Tasmania's Liquor and Gaming Commission data showing Federal Group's casinos averaged $6.7 million monthly in poker machine revenue. The Australian Federal Police acknowledged awareness of the incident but did not initiate an investigation due to lack of formal reporting. Industry experts highlighted casinos' attractiveness as cyberattack targets due to their financial operations and legacy systems, though no attribution or specific ransomware variant was disclosed in available reports.