Australian property developer TOGA has been listed as a ransomware victim by the Akira cybercrime group, which claims to have stolen over 530 gigabytes of company data. The information allegedly includes financial records, payment information, and contact details of both staff and customers.
The hackers published TOGA’s name on their dark web leak site on March 26.
Earlier this month, TOGA Far East (TFE) Hotels, part of TOGA’s broader property portfolio, confirmed a cyberattack that caused system disruptions and backend outages. While TOGA hasn’t publicly linked the two events, the timing suggests a possible connection.
Akira’s leak site does not reference TFE directly, but it claims to have compromised data belonging to TOGA as the parent organization.
Akira is a ransomware group active since early 2023, known for its double-extortion tactics—stealing sensitive files and threatening to release them publicly if a ransom isn’t paid. It has targeted more than 250 organizations across North America, Europe, and Australia, reportedly collecting over $40 million in payments.
The gang’s leak site lists victims from a wide range of industries, including construction, education, and professional services.
If the attackers’ claims are accurate, the breach raises several red flags for finance teams:
Data exposure risks: Leaked financial records and payment details increase the risk of fraud, invoice manipulation, and identity theft.
Compliance and liability concerns: If customer data was exposed, TOGA could face regulatory scrutiny or class action lawsuits.
Third-party risk amplification: The breach reinforces how cyber incidents in one part of a business (e.g. a hotel subsidiary) can affect broader operations and financial exposure.
TOGA has not confirmed the ransomware claim or disclosed whether a ransom was demanded or paid.
For CFOs and finance managers, incidents like this highlight a growing need for stronger supplier data controls and payment verification processes. Even organizations with solid internal systems can be exposed through third-party services, subsidiaries, or legacy data silos.
Real-time verification of payee details and bank account data, especially before large or unusual payments, can help detect red flags early and reduce the risk of business email compromise or invoice fraud.
A cyberattack on Aussie super funds reveals major control gaps. Learn what finance leaders must do now to protect payments and prevent fraud.
If there’s one lesson out of the Medibank that should be clear to all CFOs by now, it’s this: the cost of …
Protect your business this tax season. Discover the top scams targeting finance teams in 2025—and how to stop them before money leaves your accounts.
End-to-end B2B payment protection software to mitigate the risk of payment error, fraud and cyber-crime.
