Cyber Incident Victim: Yakult Australia

Date: Dec 2023

Location: Australia

Summary

A popular probiotic drink company experienced a cyber attack resulting in a data leak of approximately 95GB, including company databases, contracts, and passport documents, published on the dark web by actors linked to DragonLeaks. The incident impacted IT systems across Australia and New Zealand, prompting notifications to national cybersecurity authorities and privacy regulators in both countries while investigations into the scope of compromised data continue. Operations remained unaffected, with offices staying open during the response.

Description

Yakult Australia publicly confirmed a cyber incident impacting its IT systems across Australia and New Zealand, with unauthorized actors publishing approximately 95GB of company data on the dark web. The breach reportedly involved sensitive information including corporate databases, contractual documents, and passport details, though the company did not formally verify the specific nature or completeness of the exfiltrated material. Director David Whatley acknowledged awareness of the data publication commencing on December 25, 2023, via a dark web forum associated with the threat actors. Initial operational statements confirmed Yakult’s offices remained open despite the IT system disruptions, with business continuity measures implemented during the investigation. The organization engaged third-party cybersecurity experts to assess the intrusion’s scope and collaborated with law enforcement and regulatory agencies including the Australian Cyber Security Centre, New Zealand National Cyber Security Centre, Australian Information Commissioner, and New Zealand Privacy Commissioner.

Yakult’s incident response prioritized determining which internal systems and data repositories were compromised, with forensic analysis ongoing at the time of their public statement. The company withheld confirmation regarding whether customer data, employee records, or supply chain information was affected, citing the preliminary stage of their investigation. No ransomware demands or extortion tactics were explicitly mentioned in available communications, though the dark web data release aligned with common post-intrusion pressure strategies. The probiotic manufacturer, operating in Australia since 1994 and New Zealand since 2004, maintained public updates through director-level statements while internal recovery and system hardening efforts proceeded. Further technical and regulatory disclosures were anticipated as the investigation progressed through subsequent phases of containment and impact validation.
