Smith & Caughey's Ransomware Attack: LockBit 3.0 Threat

Incident Date:

June 2, 2024

World map



Smith & Caughey's Ransomware Attack: LockBit 3.0 Threat


Smith and Caughey's




Auckland, New Zealand

, New Zealand

First Reported

June 2, 2024

Ransomware Attack on Smith & Caughey's

Company Overview

Smith & Caughey's is an upscale department store located in Auckland, New Zealand. The company, known for its long history and customer-centric approach, offers a wide range of products including fashion, beauty, homeware, and gifts. With over 130 years of operation, Smith & Caughey's has been a popular shopping destination in Auckland.

Company Size and Standout

Employing approximately 132 people, Smith & Caughey's generates an annual revenue of $46 million. The company stands out in the retail sector for its high-quality products and excellent customer service, making it a cherished name among shoppers.

Company Vulnerabilities

As a prominent retailer, Smith & Caughey's possesses valuable customer data, financial information, and operational details, making it an attractive target for threat actors such as ransomware groups. The company's reliance on digital systems for communication and operations also increases its vulnerability to cyber attacks.

Attack Overview

Recently, the LockBit 3.0 ransomware group targeted Smith & Caughey's website, leaking sensitive data that includes financial, HR, accounting, management, and IT department information. This attack has disrupted the company's ability to communicate with stakeholders and raised significant concerns about data privacy and security.

Ransomware Group Profile

Known as LockBit Black, the LockBit 3.0 ransomware group is a sophisticated Ransomware-as-a-Service (RaaS) entity that has evolved from previous versions of LockBit. It is renowned for its advanced encryption techniques and obfuscation methods, targeting a wide range of organizations globally, including major companies.

Penetration Method

LockBit 3.0 likely infiltrated Smith & Caughey's systems through phishing emails, vulnerable software, or by exploiting weak network security measures. The ransomware's capability to move laterally through a network and cover its tracks makes it challenging for organizations to detect and defend against.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.