Ransomware victim disclosure
← All victimsBaresque Group
Claimed by AUR0RA · listed 18 hours ago
Status timeline
- Listed
Jun 6, 2026
- Data leaked
At a glance
- Group
- AUR0RA
- Status
- Data leaked
- Country
- Australia
- Sector
- Commercial Interiors
- Listed on leak site
- Jun 6, 2026
- Data size
- 343 GB
About the victim
AI dossier — public-source company profileBaresque Group is a commercial-interiors company headquartered in Perth, Australia, with offices in Dallas, Chicago, and Brussels. They manufacture and design acoustic panels (Zintra), furniture (FUNC), wallcoverings (botton+gardiner), and surfaces (Scribblr) for commercial spaces.
- Industry
- Commercial Interiors & Architectural Products
- Address
- 75 Dickson Ave, Artarmon NSW 2064, Australia
Attack summary
Severity: critical — Confirmed exfiltration of regulated sensitive data at scale: employee PII (passports, birth certificates, driver's licenses, TFNs) spanning multiple countries; plaintext credentials for all critical enterprise systems; workers' compensation medical records with named employees and diagnoses (regulated health information); legal documents with confidentiality clauses; proprietary product R&D; and financial/strategic intelligence. Data scope, regulatory violations, and identity-theft risk are seveAUR0RA claims to have exfiltrated 343 GB of data including employee PII (passports, birth certificates, driver's licenses, tax file numbers), plaintext credentials for critical systems, TLS private keys, product R&D, strategic and financial records, legal documents, and workers' compensation medical records with named employees and diagnoses.
Data the group says was taken
AI dossier — extracted from the leak post- Passport scans (100+)
- Birth certificates (35)
- Driver's licences (60+)
- Tax File Numbers (TFNs, 50+)
- Plaintext system credentials (Microsoft 365, Elmo Talent HR, LogMeIn, 3CX, Jim2 ERP)
- TLS private keys (4 customer-facing domains)
- Product R&D (SolidWorks CAD, manufacturing specs, blueprints)
- Board packs (2 years)
- Financial reports and cash-flow models
- Legal documents (subpoena files, affidavits, Fair Work tribunal filings, settlement agreements)
- Workers' compensation medical records with employee diagnoses and claim amounts
What the group claims
Baresque Group is a commercial-interiors company headquartered in Perth, Australia, with offices in Dallas, Chicago, and Brussels. The leaked data includes employee identity documents, plaintext credentials for critical systems, TLS private keys, product R&D files, financial and board documents, legal documents, and medical records.
The leak post
captured from the group's siteBaresque Group — a respected commercial-interiors company headquartered in Perth, Australia, with offices in Dallas, Chicago, and Brussels. The exposed material includes: 100+ passport scans, 35 birth certificates, 60+ driver's licences, 50+ TFN declarations — the complete identity-theft toolkit for the entire workforce, spanning Australia, the US, and Europe. Plaintext credentials for every critical system — Microsoft 365, HR platform (Elmo Talent), remote-access gateway (LogMeIn), phone system (3CX), ERP (Jim2) — all in browser-export CSVs and an enterprise-wide Password_Listing.xls that had been sitting on a shared drive since at least 2017. 4 TLS private keys for customer-facing domains — enabling impersonation of the company's websites. 343 GB of product R&D — SolidWorks CAD files, manufacturing specifications, and product blueprints for Zintra acoustic panels, FUNC furniture, botton+gardiner wallcoverings, and Scribblr surfaces. The complete design library. Two years of board packs, financial reports, and cash-flow models — the company's entire strategic and financial position laid bare. Privileged legal documents — active subpoena files, sworn affidavit exhibits, Fair Work A…
Data the group says was taken
- passport scans
- birth certificates
- driver's licences
- TFN declarations
- plaintext credentials
- TLS private keys
- CAD files
- manufacturing specifications
- product blueprints
- board packs
- financial reports
- cash-flow models
- legal documents
- subpoena files
- affidavit exhibits
- Fair Work Australia tribunal filings
- settlement agreements
- workers compensation medical records
Screenshot of the leak post
Sources
Source
Indexed 18 hours agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.