Costa Group

Costa Group, also referred to as Costa Group, is an Australian agribusiness that concentrates on the cultivation and supply of berries. The company operates berry farms located within Australia, focusing on producing fresh berries for the market. Its core activity revolves around growing, harvesting, and distributing berry products to customers and suppliers.

In August 2022, Costa Group experienced a sophisticated phishing attack that compromised a single server supporting its Australian berry operations. Approximately ten percent of the data stored on that server was accessed, although the encryption of the downloaded files prevented confirmation of exactly what information was exfiltrated. The breach potentially exposed employee details such as passport numbers, tax file numbers, and financial records, affecting a subset of current and former berry farm workers hired since 2013.

Although the incident caused temporary operational disruptions that required manual workarounds and led to delivery delays, the company’s core business systems and customer or supplier data remained unaffected. Costa Group responded by engaging external cybersecurity consultants, notifying the relevant regulatory authorities, and putting in place enhanced security measures such as restricted server access and mandatory employee training. Continuous dark‑web monitoring has not yet detected any leaked information, but the organisation continues to assess potential risks to the affected workforce.

The headquarters of Costa Group is situated in Australia, reflecting its national focus and operational base. While public sources do not disclose the company’s ownership structure or parent‑subsidiary relationships, its identity as an Australian‑based berry producer is consistently highlighted in its communications and incident reporting.