BDAC Confirms Cyber Incident After INC Ransom Claims Breach
The Bendigo and District Aboriginal Co-operative (BDAC), an Aboriginal community-controlled organization providing health, education, and social services to the Dja Dja Wurrung community, was listed on the dark web leak site of INC Ransom over the weekend. The ransomware group claimed to have breached the organization, though it provided no further details.
BDAC confirmed the incident in a statement, revealing that a cyberattack was detected and contained on the same day, minimizing disruption to its services. The organization reported a limited impact on operations and assured that its systems are now secure. Authorities, including the Office of the Australian Information Commissioner (OAIC) and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD ACSC), were notified, and BDAC is collaborating with them as the investigation continues. Additional security measures have been implemented to strengthen defenses.
INC Ransom, a ransomware-as-a-service (RaaS) group active since August 2023, has claimed 760 victims to date, ranking among the most prolific ransomware operations. The group employs spear-phishing for initial access and double extortion, stealing data before encrypting it demanding payment to prevent leaks or resale. Its most recent Australian victim before BDAC was NSW-based RX Management, listed on April 8 with claims of 180GB of stolen data.
Bendigo & District Aboriginal Co-operative (BDAC) cybersecurity rating report: https://www.rankiteo.com/company/bendigo-and-district-aboriginal-co-operative
"id": "BEN1776061684",
"linkid": "bendigo-and-district-aboriginal-co-operative",
"type": "Ransomware",
"date": "4/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Health, Education, Social Services',
'location': 'Australia',
'name': 'Bendigo and District Aboriginal Co-operative '
'(BDAC)',
'type': 'Aboriginal community-controlled '
'organization'}],
'attack_vector': 'Spear-phishing',
'data_breach': {'data_encryption': 'Claimed by INC Ransom (details not '
'provided)',
'data_exfiltration': 'Claimed by INC Ransom (details not '
'provided)'},
'description': 'The Bendigo and District Aboriginal Co-operative (BDAC) was '
'listed on the dark web leak site of INC Ransom, a ransomware '
'group, which claimed to have breached the organization. BDAC '
'confirmed the cyber incident, stating that the attack was '
'detected and contained on the same day, minimizing disruption '
'to its services. Authorities were notified, and additional '
'security measures were implemented.',
'impact': {'operational_impact': 'Limited impact on operations'},
'initial_access_broker': {'entry_point': 'Spear-phishing'},
'investigation_status': 'Ongoing',
'motivation': 'Financial gain (ransom), Data exfiltration',
'post_incident_analysis': {'corrective_actions': 'Additional security '
'measures implemented'},
'ransomware': {'data_encryption': 'Yes',
'data_exfiltration': 'Yes',
'ransomware_strain': 'INC Ransom'},
'references': [{'source': 'INC Ransom dark web leak site'}],
'regulatory_compliance': {'regulatory_notifications': 'Yes (OAIC, ASD ACSC)'},
'response': {'communication_strategy': 'Public statement confirming the '
'incident',
'containment_measures': 'Attack contained on the same day',
'incident_response_plan_activated': 'Yes',
'law_enforcement_notified': 'Yes (ASD ACSC, OAIC)',
'remediation_measures': 'Additional security measures '
'implemented'},
'threat_actor': 'INC Ransom',
'title': 'BDAC Cyber Incident Involving INC Ransom',
'type': 'Ransomware'}