πŸ”’breach.co.nz Β· the NZ & Australia breach register πŸ›‘οΈ A Govern service
Register β€Ί πŸ‡¦πŸ‡Ί AU β€Ί Other
Other sector Β· leaderboard
Own the Other leaderboard
The top banner across the Other overview and every Other record β€” one advertiser, exclusively.
Own this leaderboard β†’ breach@govern.co.nz

Compass Group (Australia)

πŸ‡¦πŸ‡Ί Australia Β· Compass Group (Australia) Pty Ltd Β· Record AU-2024-0930
β—‹ Reported β€” awaiting official confirmation
Reported β€” awaiting official confirmation. The facts below are drawn from the organisation's own disclosure and credible reporting. Figures are as reported; unknowns are labelled, not estimated by us.
People affected
Not disclosed
Breach date
2024-09
Regulator
ACSC and OAIC notified
Trust tier
B Β· Reported

Data exposed

Employee wage declarations, international passports, driver's licences and internal documents (exfiltrated by the Medusa group) Company-confirmed

Confidence: Confirmed = regulator/court Β· Company-confirmed = the organisation's own disclosure Β· Media-reported = press. Figures without an official source are labelled, not estimated.

What happened

In September 2024 the catering and support-services company Compass Group (Australia) confirmed a Medusa ransomware attack in which employee data was exfiltrated β€” wage declarations, international passports, driver’s licences and internal documents [cg-cd]. Compass notified the ACSC and OAIC.

Current status

Disclosed. No count of affected employees was published, so none is asserted here.

Why it matters

Passports and licences of staff are exactly the identity documents used for fraud, and this record covers a staff-data breach rather than a customer one.

GGOVERN Tabletop Exercises Β· Govern house Strengthen your cyber resilience β€” rehearse the decisions that matter. Book a Discovery Call β†’