Cyber Incident Victim: Nexia Australia Services Pty Ltd

Date: Nov 2020

Location: Australia

Summary

A Melbourne-based accounting and consultancy firm experienced a ransomware attack involving the Windows REvil strain, prompting immediate response efforts. The organization denied claims of data exfiltration, citing reports from an external IT consultant and a telecommunications exchange that allegedly confirmed no information was stolen. The incident drew public attention after conflicting media reports emerged regarding data compromise, with the firm disputing initial breach allegations while acknowledging the ransomware event itself. External cybersecurity specialists were engaged to investigate and manage the attack's aftermath.

Description

On November 3, 2020, Nexia Australia and New Zealand, a Melbourne-based accounting and consultancy firm network, experienced a ransomware attack involving the Windows REvil malware. The company immediately engaged external IT consultant Systima to manage the incident response. A Nexia spokesperson asserted that no data exfiltration occurred during the attack, citing two reports to support this claim: one from Systima and another from the Vocus telecommunications exchange, both dated November 11, 2020. The firm maintained that these analyses confirmed the integrity of their data despite the ransomware encryption event. Nexia publicly denied media reports suggesting data theft had occurred, framing the incident strictly as a ransomware encryption attack without supplementary data compromise.

Conflicting accounts emerged regarding media coverage of the incident. A November 10 news report alleged data theft during the attack, prompting Nexia to condemn the publication. The news outlet countered that they had solicited Nexia’s response on November 7 but received no reply prior to their November 10 publication deadline. This discrepancy highlighted unresolved questions about whether attackers accessed sensitive information, though Nexia’s consultants formally disputed exfiltration claims eight days post-incident. The company’s public communications focused exclusively on rebutting data breach allegations while acknowledging the ransomware’s disruption to operations. No further technical details about attack vectors, containment measures, or operational impacts were disclosed beyond the confirmation of Systima’s involvement and the reliance on third-party forensic reports.
