INC Ransom Breaches Mastercom, Leaks Sensitive Data from Australian Communications Firm
The INC Ransom hacking group has claimed responsibility for a cyberattack on Mastercom, a Granville, New South Wales-based communications provider, and published stolen internal and customer data on its darknet leak site. The breach was first disclosed on April 11, with the threat actors alleging they exfiltrated customer records, HR documents, and financial data.
In subsequent leaks, INC Ransom released a full dataset that also included information from Queensland Communications, a company acquired by Mastercom in 2013. The exposed files contained sensitive details, such as fault reports, internal building layouts, photos of cable infrastructure, and locations of communications equipment for over 100 customers.
Mastercom acknowledged the incident in a brief statement, confirming awareness of the breach but declining further comment. Hamish Duff, Mastercom’s Managing Director, stated that the company had taken steps in response but provided no additional details.
About INC Ransom
Active since 2023, INC Ransom operates under a ransomware-as-a-service (RaaS) model, leasing its malware to affiliates in exchange for a share of ransom payments. The group has claimed 760 victims globally, with a growing focus on Australian targets, particularly in healthcare and professional services.
According to the Australian Cyber Security Centre (ACSC), INC Ransom has been linked to 11 reported incidents in Australia between July 2024 and December 2025, primarily affecting healthcare entities. The group typically gains access via compromised accounts, escalates privileges, and deploys malicious files (e.g., win.exe) before exfiltrating sensitive data, including personally identifiable and medical information.
Mastercom’s recent breach follows another attack on the Bendigo & District Aboriginal Co-operative, which was listed alongside Mastercom on INC Ransom’s leak site.
About Mastercom
Mastercom provides communications services to critical sectors, including transport & logistics, local government, emergency services, and airports & ports. The company operates the Orion Network, Australia’s largest commercial two-way radio network, serving clients such as Newcastle, Maitland, and Penrith City Councils, as well as state and federal police, SES, and fire services.
The breach raises concerns over the exposure of operational and infrastructure data, potentially impacting emergency response and public safety communications.
Queensland Communications cybersecurity rating report: https://www.rankiteo.com/company/queensland-communications
Mastercom Australia cybersecurity rating report: https://www.rankiteo.com/company/mastercom-australia
"id": "QUEMAS1776133442",
"linkid": "queensland-communications, mastercom-australia",
"type": "Ransomware",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Over 100 customers',
'industry': 'Telecommunications, Critical '
'Infrastructure',
'location': 'Granville, New South Wales, Australia',
'name': 'Mastercom',
'type': 'Communications Provider'},
{'industry': 'Telecommunications',
'location': 'Australia',
'name': 'Queensland Communications',
'type': 'Communications Provider (Acquired)'}],
'attack_vector': 'Compromised accounts',
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (personally identifiable '
'information, operational '
'infrastructure data)',
'type_of_data_compromised': ['Customer records',
'HR documents',
'Financial data',
'Fault reports',
'Internal building layouts',
'Photos of cable infrastructure',
'Locations of communications '
'equipment']},
'date_publicly_disclosed': '2025-04-11',
'description': 'The INC Ransom hacking group has claimed responsibility for a '
'cyberattack on Mastercom, a Granville, New South Wales-based '
'communications provider, and published stolen internal and '
'customer data on its darknet leak site. The breach exposed '
'customer records, HR documents, financial data, fault '
'reports, internal building layouts, photos of cable '
'infrastructure, and locations of communications equipment for '
'over 100 customers. The incident also included data from '
'Queensland Communications, a company acquired by Mastercom in '
'2013.',
'impact': {'brand_reputation_impact': 'Yes',
'data_compromised': 'Customer records, HR documents, financial '
'data, fault reports, internal building '
'layouts, photos of cable infrastructure, '
'locations of communications equipment',
'identity_theft_risk': 'Yes',
'operational_impact': 'Potential impact on emergency response and '
'public safety communications'},
'initial_access_broker': {'entry_point': 'Compromised accounts'},
'motivation': 'Financial gain (ransom)',
'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'INC Ransom'},
'references': [{'source': 'INC Ransom darknet leak site'},
{'source': 'Australian Cyber Security Centre (ACSC)'}],
'response': {'communication_strategy': 'Brief statement acknowledging the '
'breach'},
'threat_actor': 'INC Ransom',
'title': 'INC Ransom Breaches Mastercom, Leaks Sensitive Data from Australian '
'Communications Firm',
'type': 'Ransomware, Data Breach'}