Southern Design RV Hit by Data Breach as New Cybercrime Group CMD Organization Auctions Stolen Customer Data
Southern Design RV, a Ballarat, Victoria-based dealer specializing in new and used Australian-made caravans, has been listed as a victim by the emerging cybercrime group CMD Organization. The threat actor claims to have exfiltrated sensitive customer data, including names, addresses, emails, phone numbers, and purchase details, which it has posted as a sample on its leak site.
CMD Organization is auctioning the stolen data for 5 Bitcoin (at the time of reporting), with the sale set to expire in just over five days. Southern Design RV has not commented on the incident.
First observed in March 2024, CMD Organization has rapidly expanded its victim list, now totaling 19 organizations, including Tasmania’s Goodstone Group, which previously confirmed a cyberattack. The group markets itself as a "legitimate" security firm, claiming to specialize in identifying corporate vulnerabilities while operating under the guise of improving cybersecurity.
However, cybersecurity firm Beazley Security describes CMD Organization as a low-maturity but well-networked operator, likely relying on initial access brokers (IABs) and minimal custom tooling. A key tactic involves public auctions for stolen data, allowing multiple bidders to drive up prices potentially increasing pressure on victims to pay. By selling exclusive access to a single buyer, the group ensures the winner can exploit the data before competitors gain access.
The incident highlights a growing trend in public extortion auctions, where cybercriminals monetize breaches through competitive bidding rather than traditional ransom negotiations.
Source: https://www.cyberdaily.au/security/13784-exclusive-victorian-rv-dealer-suffers-alleged-cyber-attack
Goodstone Group LLC cybersecurity rating report: https://www.rankiteo.com/company/goodstone-group-llc
Southern Design Piers cybersecurity rating report: https://www.rankiteo.com/company/southern-design-piers
"id": "GOOSOU1782167103",
"linkid": "goodstone-group-llc, southern-design-piers",
"type": "Cyber Attack",
"date": "5/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Automotive (Caravans)',
'location': 'Ballarat, Victoria, Australia',
'name': 'Southern Design RV',
'type': 'Business'}],
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Addresses',
'Emails',
'Phone numbers',
'Purchase details']},
'description': 'Southern Design RV, a Ballarat, Victoria-based dealer '
'specializing in new and used Australian-made caravans, has '
'been listed as a victim by the emerging cybercrime group CMD '
'Organization. The threat actor claims to have exfiltrated '
'sensitive customer data, including names, addresses, emails, '
'phone numbers, and purchase details, which it has posted as a '
'sample on its leak site. CMD Organization is auctioning the '
'stolen data for 5 Bitcoin, with the sale set to expire in '
'just over five days.',
'impact': {'brand_reputation_impact': 'Likely negative',
'data_compromised': 'Sensitive customer data (names, addresses, '
'emails, phone numbers, purchase details)',
'identity_theft_risk': 'High'},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes (auction)'},
'motivation': 'Financial gain',
'ransomware': {'data_exfiltration': 'Yes', 'ransom_demanded': '5 Bitcoin'},
'references': [{'source': 'Beazley Security'}],
'threat_actor': 'CMD Organization',
'title': 'Southern Design RV Data Breach by CMD Organization',
'type': 'Data Breach'}