Cyber Incident Victim: Meli
Date:
Aug 2024
Location:
Australia
Summary
Meli, an Australian not-for-profit community support organization, experienced a cyber attack by the Qilin ransomware gang, resulting in the theft of 419,617 files (215 GB) including financial documents, confidentiality agreements, and personal identification scans. The organization secured its systems upon detection, engaged forensic specialists, and maintained client services while reverting some internal operations to manual processes. Qilin later published a subset of stolen data, prompting the victim to issue precautionary guidance and notify law enforcement and regulatory bodies, including the Australian Cyber Security Centre and Victoria Police. The investigation remains ongoing to determine the full scope of compromised information.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Meli, a Victorian-based not-for-profit community support service formed through mergers in 2023, confirmed a cyber attack in a public statement on its website following its listing on the Qilin ransomware gang’s darknet leak site. The Qilin group claimed responsibility for the attack, which occurred on 21 August 2024, alleging the theft of 419,617 files totaling 215 gigabytes of data. To substantiate their claims, Qilin published 14 screenshots of compromised documents, including financial statements, confidentiality agreements, expired and current passports, and a Medicare card. Meli detected the incident promptly, securing its systems and engaging forensic specialists and cybersecurity advisors to investigate the breach. While client services remained operational, some internal processes reverted to manual or paper-based alternatives during the disruption. The organization initiated an investigation to determine the nature and scope of potentially exposed data, emphasizing the complexity of the incident and the need for thorough analysis before releasing definitive conclusions. Meli notified multiple authorities, including Victoria Police, Victoria Health, and the Australian Cyber Security Centre (ACSC), about the breach. Qilin did not publicly specify a ransom demand or payment deadline at the time of the initial disclosure.
On 26 August 2024, Meli issued an updated statement confirming that a subset of files had been exfiltrated and published externally by an unauthorized third party, aligning with Qilin’s data release. The organization reiterated its commitment to investigating the extent and sensitivity of the published data while urging affected individuals to take precautionary steps to protect their personal information. Meli expanded its notifications to include the Office of the Australian Information Commissioner, the Office of the Victorian Information Commissioner, and relevant Victorian and Commonwealth government departments. The organization maintained that client services remained unaffected and prioritized ongoing community support, acknowledging the continued backing of its funders. Qilin’s attack on Meli occurred amid a surge in the gang’s activity, with 13 victims listed on its leak site since 10 August 2024, including healthcare entities and the New York Sports Club. Meli’s investigation remained ongoing, with no further details disclosed regarding the specific systems compromised or the full scope of data impacted.