Cyber Incident Victim: Finite Recruitment
Date:
Oct 2021
Location:
Australia
Summary
A recruitment firm providing casual staff to NSW government agencies experienced a ransomware incident where attackers exfiltrated and published a small data subset on the dark web. Security systems detected and contained the breach swiftly, preventing operational disruption, with remedial actions completed afterward. The Conti ransomware group claimed theft of over 300GB of data, including financial records, customer databases containing contact details, employee passport information, and internal correspondence. The firm is investigating the compromised data scope and plans to notify affected individuals, preliminarily indicating limited stakeholder impact. NSW government agencies confirmed no service disruptions or compromised systems from the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In October 2021, IT recruitment firm Finite Recruitment experienced a cyber incident involving ransomware, which was detected by the company’s security monitoring systems. The attackers gained access to Finite’s IT environment and exfiltrated data before publishing a subset of it on the dark web. The company’s incident response team acted swiftly to contain the threat, shutting down the breach quickly without disrupting business operations. Finite confirmed the incident to ZDNet in December 2021, stating that remedial works had been completed post-incident and that the business remained fully operational. The firm initiated a review to determine the scope of stolen data, pledging to notify impacted stakeholders once the investigation concluded. Early assessments suggested only a relatively small number of individuals were affected, though the company did not specify a timeline for completing the review. Conti ransomware operators listed Finite on their leak site, claiming to have stolen over 300GB of data, including financial records, customer databases containing phone numbers and addresses, employment contracts with employees’ passport details, and internal mail correspondence.
Finite Recruitment provided casual staffing support to multiple New South Wales (NSW) government agencies at the time of the attack. The NSW Department of Customer Service acknowledged awareness of the incident but confirmed no government agency systems or services were compromised. Conti’s double-extortion tactic—threatening to leak stolen data unless ransom demands were met—mirrored attacks on other Australian entities, including Queensland’s CS Energy, which faced an ongoing Conti infection during the same period. Finite emphasized compliance with privacy obligations but did not disclose whether data pertaining to NSW government employees or clients was among the exfiltrated material. The company provided no further details about the initial attack vector, remediation measures, or coordination with law enforcement. No operational disruptions or financial penalties were reported, and the incident remained under investigation as of the article’s publication date.