What happened
In September 2024 the catering and support-services company Compass Group (Australia) confirmed a Medusa ransomware attack in which employee data was exfiltrated β wage declarations, international passports, driverβs licences and internal documents [cg-cd]. Compass notified the ACSC and OAIC.
Current status
Disclosed. No count of affected employees was published, so none is asserted here.
Why it matters
Passports and licences of staff are exactly the identity documents used for fraud, and this record covers a staff-data breach rather than a customer one.