Cyber Incident Victim: Royal Brighton Yacht Club
Date: Jun 2024
Location: Australia
Summary
The Royal Brighton Yacht Club suffered a Medusa ransomware attack via a compromised third-party point-of-sale remote support tool, resulting in system encryption and theft of over 94GB of data. Exfiltrated information included member and employee personal details, financial records, internal emails, and supplier login credentials with plaintext passwords, later published on the dark web. The club engaged cybersecurity experts to contain the breach, restore systems, and notify affected individuals while cooperating with the Australian Cyber Security Centre. Medusa demanded a $100,000 ransom with an eight-day deadline. This incident followed the gang's prior leak of security footage from another Australian institution.
Description
On July 1, 2024, Victoria’s Royal Brighton Yacht Club (RBYC) confirmed it fell victim to a ransomware attack by the Medusa gang, which publicly claimed responsibility by posting stolen data on its darknet leak site. The attackers exfiltrated over 94 gigabytes of data, including sensitive personal information of members and employees, financial records, internal documents, and login credentials for external suppliers. RBYC General Manager Philip Hall attributed the breach to a "sophisticated supply chain cyber attack," specifically citing compromise of a third-party point-of-sale (POS) system’s remote support tool as the intrusion vector. Medusa deployed ransomware that encrypted the club’s systems, though RBYC detected the activity promptly and initiated containment measures. The club engaged a cybersecurity partner to manage incident response and restoration efforts, isolating affected systems to minimize operational disruption.

The published data samples revealed member names, addresses, phone numbers, membership fee details, employee superannuation information, contact details, internal emails, and supplier login credentials with plaintext passwords. Medusa set a ransom deadline of eight days, demanding $100,000 for undisclosed actions, though RBYC did not confirm whether payment was considered. The Australian Cyber Security Centre (ACSC) was notified, with the club cooperating fully in their investigation. Impacted individuals were being notified as of the confirmation date, with Hall acknowledging the breach’s severity and committing to enhanced security protocols. The incident followed Medusa’s prior attack on Perth’s Harry Perkins Institute of Medical Research, which involved leaking terabytes of security footage. RBYC emphasized restoring stakeholder trust while maintaining operational continuity throughout remediation.
