Small Sydney tech company Qnect is in damage control after its customer data was reportedly stolen and held for ransom.
The attack comes just weeks after ransomware known as WannaCry disabled over 300,000 computers and essential services worldwide.
The hackers, calling themselves RavenCrew, threatened to publish the data – including credit card details and email addresses – online unless Bitcoin were paid by the company, according to Business Insider.
Customers reportedly received SMS messages on Tuesday urging them to contact Qnect and encourage them to pay the ransom.
“Please help us convince them to pay by emailing questions,” said the SMS, before listing email addresses of two senior staff members.
Qnect offers an app-based online ticket-selling service used by hundreds of groups around the world such as university societies, according to its website.
Sydney University Law Society, which is believed to be affected by the hack, posted a warning on Tuesday evening to is members about the attack.
“This is a scam,” it said, urging members to not reply.
The attack appears to have originated with customer Tommaso Armstrong, who drew attention to the security flaw with a tweet.
The threat of releasing credit card details is low-impact exposure, according to Troy Hunt, a cyber security researcher.
“Personal details is a different class of data that has a different impact. Credit cards are recyclable, personal details aren’t,” he said.
“It’s the sort of thing that sounds like it was done on the cheap. Someone was trying to do something in a user-friendly way without giving consideration to the way it could be abused.
“Hopefully the attack will prevent a much worse impact in the future.”
The company is blaming a malware issue for the security breach that lead to the leak of customer details.
“Qnect experienced a malware attack via an employee’s computer affecting a portion of the community similar to the global Wannacry attack last month,” said Daniel Liang, co-founder and chief executive of Qnect.
“Thankfully the financial data of our community was not exposed. This attack does expose the difficulty of SMEs as they combat growing cyber attacks.
“We welcome the Government’s move to help SMEs with good education and practices for cyber security as well as its new grant in this area,” he said in response to the government pledging $15 million to fight cyber crime earlier this week.
“Please be assured that your financial information has not been compromised. Please don’t respond to the text or open any links contained within it,” Qnect said in a message to customers on Wednesday.
“Qnect is in touch with the relevant authorities, and we are working with them to ensure your data remains secure.”