Terry Ringland Chartered Accountants in NSW falls victim to INC Ransom attack disrupting accounting services. Meanwhile, Prestige Maintenance USA notifies 65,452 people of ransomware breach by Medusa gang demanding $1.2 million.
Trump administration unveils comprehensive AI cybersecurity action plan establishing AI Information Sharing and Analysis Center for threat intelligence. Australian regulator ASIC sues Fortnum Private Wealth over cybersecurity failures that exposed client records on dark web.
Sam Altman is preparing to launch an AI-powered web browser and warns of a looming fraud crisis from AI voice cloning. As OpenAI pushes into hardware and software, Altman is also urging banks to abandon outdated voiceprint authentication before it's exploited at scale.
Terry Ringland Chartered Accountants in NSW falls victim to INC Ransom attack disrupting accounting services. Meanwhile, Prestige Maintenance USA notifies 65,452 people of ransomware breach by Medusa gang demanding $1.2 million.
Cyber News Centre's cyber update for 25th July 2025: NSW accounting firm Terry Ringland Chartered Accountants has been targeted by the INC Ransom group, disrupting accounting and payroll services for clients in Sydney's eastern suburbs. Meanwhile, Prestige Maintenance USA has notified 65,452 people of a ransomware attack by the Medusa gang demanding $1.2 million ransom.
Terry Ringland Chartered Accountants is a professional accounting practice operating from Maroubra in Sydney's eastern suburbs since 1999. The firm, with 5-9 employees and annual revenue between $1-5 million, the practice serves clients across the greater Sydney area.
Update: The INC Ransom group listed Terry Ringland Chartered Accountants on their dark web leak site, claiming responsibility for a cyberattack against the NSW-based accounting firm. The ransomware group, known for spear phishing tactics and double-extortion techniques, has disrupted the firm's accounting, tax preparation, bookkeeping, and payroll services.
INC Ransom typically encrypts victim data while threatening to publish stolen information online, though no specific ransom amount or payment deadline has been disclosed for this incident. The attack affects a practice that has served Sydney's eastern suburbs for over two decades, potentially compromising sensitive financial data of local businesses and individual clients.
Why it Matters: This attack highlights the growing vulnerability of small-to-medium professional services firms to sophisticated ransomware operations, particularly those handling sensitive financial data. INC Ransom has claimed 375 victims since August 2023 and maintains significant activity in the Australian region, with previous targets including Expert Data Cabling in March 2025 and recent attacks on New Zealand businesses and Tonga's Ministry of Health.
For accounting firms like Terry Ringland, ransomware attacks create cascading impacts affecting not only internal operations but also client tax obligations, payroll processing, and financial reporting deadlines. The incident demonstrates how cybercriminals increasingly target professional services as high-value targets due to their access to extensive client financial records, business intelligence, and personal information that can be leveraged for both immediate ransom demands and long-term identity theft or corporate espionage.
Prestige Maintenance USA is a commercial cleaning and facility maintenance company founded in 1976 and based in Plano, Texas. The company serves major metropolitan areas including Chicago, Dallas, Kansas City, and St. Louis, employing approximately 3,000 people and maintaining contracts with multiple Fortune 500 companies.
Update: On January 17, 2025, Prestige Maintenance USA detected unusual activity in its digital infrastructure and immediately launched a comprehensive cybersecurity investigation with external experts. The investigation concluded recently, confirming that attackers had gained unauthorized access to sensitive files containing personal information of 65,452 individuals, including names, Social Security numbers, and other personally identifiable information.
The Medusa ransomware gang claimed responsibility for the attack and demanded $1.2 million in ransom. Prestige has reported the incident to federal law enforcement and began mailing breach notification letters to affected individuals on July 22, 2025, offering 12 months of free identity theft protection through IDX with enrollment available until October 22, 2025.
Why it Matters: This attack represents the ninth-largest ransomware incident in the United States in 2025 and highlights the growing threat to service sector companies that handle sensitive employee and customer data. The Medusa ransomware group has claimed responsibility for 132 confirmed attacks compromising over 3.1 million records, with this incident marking their second-largest attack of 2025.
The six-month delay between the initial breach and public notification raises concerns about detection capabilities and response protocols in mid-sized service companies. For the 65,452 affected individuals, the compromise of Social Security numbers creates long-term identity theft risks that extend far beyond the immediate incident, while the company's Fortune 500 client base suggests potential supply chain implications for major corporations relying on Prestige's services.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
Trump administration unveils comprehensive AI cybersecurity action plan establishing AI Information Sharing and Analysis Center for threat intelligence. Australian regulator ASIC sues Fortnum Private Wealth over cybersecurity failures that exposed client records on dark web.
Australian IVF provider Genea confirms a cyberattack that exposed sensitive patient data on the dark web. Meanwhile, CISA and FBI issue a joint advisory on escalating Interlock ransomware attacks targeting virtual machines across North America and Europe.
Australian fashion brand Sabo exposes 3.5 million customer records in unprotected database. Meanwhile, Dell confirms breach of demonstration platform by World Leaks extortion group, affecting primarily synthetic data used for product demos.
Singapore is responding to a cyberattack by UNC3886, a China-linked espionage group targeting critical infrastructure. Minister K. Shanmugam confirmed the threat is serious and ongoing, as the CSA leads investigations to protect national services from long-term disruption.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
