Melbourne’s 3P Corporation Targeted by Space Bears Ransomware
Overview of the Breach
In early April, 3P Corporation, a financial services firm based in Melbourne, found itself at the center of a ransomware attack perpetrated by the notorious Space Bears group. Despite the company’s denial of a data breach, over 200 gigabytes of sensitive internal documents and customer information have surfaced online, raising serious concerns about the effectiveness of its cybersecurity measures.
Details of the Incident
The Space Bears ransomware gang made their intentions clear with a post on their darknet site on April 10. They listed 3P Corporation as one of their victims, claiming to have stolen a variety of sensitive data, including databases and financial records, which they alleged contained personal details of both employees and clients.
A ransom deadline was initially set around April 18, further intensifying the pressure on 3P Corporation. This was compounded by the fact that the hackers managed to publish a compressed archive totaling 213.3 gigabytes on a well-known file hosting service. Interestingly, this archive has been downloaded nearly 200 times, potentially exposing the leaked data to even more individuals.
Corporate Response
A spokesperson for 3P confirmed that an attempted ransomware attack occurred on April 7. They stated, “There was an attempted ransomware attack on our servers. However, our investigations found that our systems picked up on the attack before any data could be compromised.” Despite this claim, the leaked data raises questions about the effectiveness of their security protocols.
3P Corporation identifies as a holding company and asserts it does not maintain direct client data. Following the attack, the organization conducted a thorough review of its systems to enhance its protective measures.
Communication with Stakeholders
In light of the incident, 3P Corporation took steps to inform both their staff and any potentially affected clients. The matter has also been reported to the Australian Signals Directorate’s Australian Cyber Security Centre, indicating a serious approach to addressing the breach.
Contents of the Leaked Data
The published information by the Space Bears group is alarming. It includes hundreds of Authority to Deduct Funds forms related to tax returns, complete with sensitive bank details and signatures of customers. Among the leaked materials are trust account statements, remittance advices, employee pay slips, and internal document templates.
Furthermore, the data affecting over 4,500 business service clients comprises various correspondence, tax returns, and signed agreements. This depth of information underscores significant vulnerabilities in data protection and raises crucial questions for the firm’s clientele.
Background on Space Bears
The Space Bears ransomware group is relatively new to the cybercrime scene, first appearing in April 2024. Speculated to be based in Russia, the group has claimed 71 victims to date. One of their recent attacks targeted Christian Community Aid, a charity based in New South Wales, in January 2025, demonstrating their growing footprint in Australia.
About 3P Corporation
3P Corporation describes itself as a "boutique financial services aggregate located in the heart of Melbourne’s finance district." Established in 2013 by notable author and TV personality Peter Ziggy, the firm offers a diverse range of services including accounting, tax consulting, financial planning, legal advice, and human resources.
Conclusion
The breach involving 3P Corporation raises significant cybersecurity concerns, particularly within the financial services sector. As ransomware attacks continue to evolve, companies must prioritize robust security measures to safeguard sensitive data and maintain client trust.
