Opaxe Pty Ltd, an Australian software and information services company for mining and minerals industry, has allegedly suffered a cyberattack. A Threat Actor (TA) has claimed to have breached sensitive data of the firm which includes Personal Identifiable Information (PII) of 16,000 users. The Opaxe data breach was reportedly orchestrated by a threat actor, operating under the alias, “Tanaka”.

Unconfirmed: Opaxe Data Breach

Opaxe is an intelligent software platform that restructures and redistributes information and generates business insights to help mining professionals and investors make better decisions. "We collect, collate and republish listed mining company announcements so that you can access them quickly and easily, all in one place. We have more than 40,000 mining company announcements and 3 million data points extracted from these announcements," the company mentioned in its profile. [caption id="attachment_80137" align="alignnone" width="1602"] Source: Opaxe Website[/caption] According to the company’s website, “Opaxe was founded in May 2019 and is headquartered in West Perth, Australia with an operational office in Dunedin, New Zealand. Our development team is based in Kathmandu, Nepal.” Threat actor Tanaka made the claim to have accessed Opaxe’s data on the dark web marketplace BreachForums. In his post, the TA mentioned that the database was exfiltrated on June 26, 2024, and was in the SQL format. [caption id="attachment_80136" align="alignnone" width="1807"] Source: X[/caption] The TA stated that the breached information had over 5.5 million rows in the SQL database, which includes 16k,00 user records. The user records comprise the data fields like ID, first name, last name, e-mail, hashed passwords, industry, company, and job title [sic].

No Official Conformation of Data Breach Yet

Despite these claims by the threat actor, a closer inspection reveals that the firm’s website is currently functioning normally, showing no signs of a security breach. The Cyber Express has reached out to Opaxe to verify the alleged cyberattack. As of now, no official statements or responses have been received, leaving the claims unverified. The implications of such a breach, if proven, are potentially devastating, given the sensitive nature of the data held by Opaxe. The organization is responsible for holding personal data of its users. A data leak of this magnitude could expose sensitive personal information of users as well as its business secrets. Mining professionals and investors who rely on information shared by Opaxe for critical business insights could be vulnerable of having their confidential information accessed and misused by threat actors. The breach, if confirmed, could poses several risks, including unlawful access to proprietary business insights and personal user information. This could lead to identity theft, data manipulation, and a loss of trust among Opaxe’s user base.

Mining Industry Exposed to Higher Cybersecurity Risks: Report

According to AustralianMining.com, which reports on the latest news and current trends in the industry, a data breach in the mining sector could be devastating due to the highly sensitive nature of the information involved, such as geological surveys and operational plans. The article suggests that mining organizations should considering establishing “Private AI”. It refers to artificial intelligence systems that are deployed within an organization's own infrastructure, rather than relying on external, cloud-based solutions. This ensures that sensitive data, such as organizational financial information, merger and acquisition targets, site surveys and employee details, remains on-premises, enhancing security and compliance with local regulations. While the authenticity of the data breach on Opaxe Pty Ltd remains unconfirmed, the potential consequences are significant. The Cyber Express will continue to monitor this ongoing situation and provide updates as more information becomes available. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.