Cyber Incident Victim: Henry Jones Art Hotel

On November 2, 2018, Federal Group, owner of Tasmania's Henry Jones Art Hotel in Hobart and Saffire Freycinet resort, notified past guests of a data breach involving unauthorized third-party access to a third-party email distribution system. The incident exposed personal details including guest names, email addresses, physical addresses, and telephone numbers. The breach resulted in some guests receiving unusual spam-type emails purporting to originate from the hotels. Federal Group confirmed the unauthorized access had occurred but stated the affected system was secured following discovery. The company initiated an internal investigation but declined to disclose whether law enforcement had been contacted or specify the number of individuals impacted by the breach.

Federal Group advised guests who received suspicious emails from either property to delete them without opening attachments. The company issued recommended security practices, including vigilance against phishing attempts, regular password updates for online accounts—particularly if passwords were reused—and enabling multi-factor authentication. Additional guidance covered installing updated antivirus software and applying operating system patches. While asserting the system was now secure, Federal Group provided no further technical details about the breach mechanism, duration of unauthorized access, or evidence confirming whether exfiltrated data had been misused beyond the spam campaign. The incident impacted guests of both high-end properties but did not affect Federal Group's Wrest Point casino operations based on available disclosures.