The Osiris ransomware group claims to have breached The Araneta Group, a major private diversified conglomerate in the Philippines known for its extensive portfolio in property development, food service, leisure, and hospitality. The group, which employs approximately 12,000 people and manages the iconic Araneta City, was listed on the threat actor’s leak site with a countdown to data publication. The incident affects the core conglomerate and potentially its subsidiaries, including ACI, Inc. and New Farmers Plaza Inc.
According to the actor, and based on the proof of compromise samples released, the allegedly compromised data includes:
-
Board Resolutions: Confidential minutes and resolutions from the Board of Directors, including authorizations for foreign exchange transactions.
-
Legal Contracts: Non-Disclosure Agreements (NDAs) and commercial agreements with partners such as Devtac CRM Inc. and bneXt Incorporated.
-
Lease Documents: Commercial lease contracts and renewal agreements for tenants (e.g., Peper Broers Inc., New Farmers Plaza Inc.) detailing rent schedules and financial terms.
-
Personally Identifiable Information (PII): Scanned government-issued IDs (passports, OSCA IDs, driver’s licenses) of high-ranking executives and signatories.
-
Internal Correspondence: Operational letters and notices regarding facility management and maintenance schedules.
-
Signatures: Digital and wet signatures of corporate officers and senior management.
