Cyber Incident Victim: H&L Australia
Date: Jul 2016
Location: Australia
Summary
Hackers allegedly breached an Australian point-of-sale technology provider, compromising its systems and exfiltrating a customer database containing login credentials, passwords, and potentially sensitive financial or personal information. The attackers attempted to sell the stolen data, claiming access via a backdoor and offering a large SQL database dump. The company's clients included major retail and hospitality chains, raising concerns about broader exposure of customer and staff data across affiliated venues. Security experts suggested the intrusion likely exploited vulnerabilities such as SQL injection or file upload flaws. While the organization did not publicly confirm specifics, it acknowledged the incident and initiated stakeholder notifications. The breach underscored risks associated with insufficient network segmentation and highlighted potential impacts on interconnected systems like loyalty programs or supply chain interfaces.
Description
On or around July 18, 2016, hackers breached Australian point-of-sale technology provider H&L Australia, according to evidence obtained by cybersecurity firm Hold Security. The attackers gained unauthorized access to the company’s systems, establishing a backdoor and exfiltrating a customer database. Chat logs from underground forums revealed negotiations between the seller and a prospective buyer, with the seller providing credentials to a shell on H&L’s server at hlaustralia.com.au and confirming all company websites resided on a single server. The hackers offered administrative control panel access and a database dump for 27 Bitcoins (approximately AU$22,000), with the transaction scheduled for July 27. A screenshot of the alleged 14.1GB database showed fields including login credentials, passwords, and database names, though the full contents were not independently verified.

H&L Australia did not publicly confirm the breach but acknowledged The Register’s inquiries by indicating it was notifying stakeholders, suggesting internal validation of the incident. The company’s client base included major retailers such as the Australian Leisure and Hospitality Group (ALH), which operated 330 pubs and clubs nationally, and Woolworths supermarkets through its ALH joint venture. Potential impacts included exposure of customer credit card data, staff payroll information, and loyalty program details due to interconnected PoS systems. Security experts noted the breach likely originated from common attack vectors like SQL injection or file upload vulnerabilities. CERT Australia received notification of the incident but did not comment publicly, instead reiterating standard guidance for businesses to implement cybersecurity controls. By September 2016, the alleged backdoor and database links had been disabled, though H&L provided no detailed remediation timeline or forensic findings.
