Ransomware victim disclosure
← All victimsCCA NSW Community Hub
listed as Christian Community Aid · Claimed by Spacebears · listed 1 year ago
Status timeline
- ListedJan 22, 2025
- Data leakeddate unknown
At a glance
- Group
- Spacebears
- Status
- Data leaked
- Country
- Australia
- Sector
- Public Sector
- Listed on leak site
- Jan 22, 2025
About the victim
AI dossier — public-source company profileCCA NSW is a registered non-profit organisation delivering essential community services across the Ryde, Parramatta and Hornsby local government areas of New South Wales, Australia. Established in 1965, it provides aged care, disability support, family day care, community learning, and youth and family counselling to vulnerable populations including the elderly, people with disability, children, and families.
- Industry
- Non-profit Community Services & Aged Care
- Address
- 12 Lakeside Rd, Eastwood NSW 2122, Australia
- Founded
- 1965
Attack summary
Severity: high — Confirmed data exfiltration from a non-profit organisation handling sensitive client information (elderly, disabled individuals, families, children). The organisation processes personal data including client contact and care information. Data published status indicates disclosure; however, no specific sensitive data types or scale explicitly confirmed in the post.Spacebears claims to have exfiltrated files from CCA NSW, listing document types (.jpg, .mp4, .mov, .xls, .doc, .mdf, .msg, .pdf). No specific data categories or operational impact details are provided in the leak post.
Data the group says was taken
AI dossier — extracted from the leak post- Photos and videos
- Spreadsheets
- Word documents
- Database files
- Email messages
- PDF documents
What the group claims
CCA is a non-denominational service provider to the local communities. Contents: Valuable information (.jpg, .mp4, .mov, .xls, .doc, .mdf, .msg, .pdf... etc) https://ccas.org.au/
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

