Cyber Incident Victim: William Buck
Date:
Apr 2025
Location:
Australia
Summary
William Buck experienced a cyber incident involving unauthorized access to its IT systems, potentially compromising some stored data. The organization activated its incident response plan, engaged external experts, and notified relevant authorities including the Australian Cyber Security Centre and law enforcement. While operational systems remain unaffected, impersonation attempts via email were reported, prompting advisories for stakeholders to verify communications. A limited number of files were identified as potentially impacted, with affected clients being directly notified, and an injunction was secured to prevent unauthorized sharing or access to compromised data across Australia and New Zealand.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 1, 2025, William Buck Australia publicly disclosed a cyber incident involving unauthorized access to its IT systems and potentially some data stored within those systems. The firm detected the intrusion and immediately activated its incident response plan, mobilizing an internal Crisis Management Team to secure systems and investigate the breach. External cybersecurity experts were engaged to assist with forensic analysis and validate response measures. Initial findings indicated a limited number of files were potentially compromised, prompting direct notifications to affected clients while broader impact assessments continued. The organization prioritized determining the full scope of data exposure but confirmed no operational disruptions to client services. Concurrently, William Buck reported the incident to the Australian Cyber Security Centre (ACSC), relevant government agencies, and law enforcement authorities. No evidence of data disclosure or exfiltration had been identified at the time of disclosure, though the investigation remained ongoing.
William Buck warned stakeholders of active impersonation attempts using fraudulent emails mimicking legitimate corporate communications, urging recipients to verify suspicious correspondence directly with their designated partners. As a precautionary legal measure, the firm obtained a court-ordered injunction prohibiting the sharing, dissemination, or access to any data potentially compromised in the incident, with enforcement applicable across Australia and New Zealand. This injunction served to protect client information by establishing legal consequences for unauthorized handling of affected data. Internal systems remained fully operational throughout the response period, with continued service delivery emphasized as unaffected. The organization committed to providing further updates as the investigation progressed, maintaining contact protocols for media inquiries through its Group COO. No additional technical specifics regarding attack vectors, attacker identity, or data classification were disclosed in the initial announcement.