Melbourne-based financial services and advice firm hit with cyber attack

The Space Bears ransomware gang listed Victorian financial services firm 3P Corporation as a victim on its darknet leak site in early April and has since published data that it claims to have stolen in the course of the attack.

The hackers made the claim in a 10 April post, listing some information about its alleged victim alongside claims relating to the nature of the stolen data, which includes a database, financial documents and “personal information of employees and clients”.

A ransom deadline of around 18 April was listed at the time, and since then, the hackers have published a 213.3 gigabyte compressed archive to a popular clear web file hosting site. According to the file’s properties, this has been downloaded 196 times.

A spokesperson for 3P has said they are aware of the claims and confirmed that the incident took place on 7 April.

“There was an attempted ransomware attack on our servers. However, our investigations found that our systems picked up on the attack before any data could be compromised,” 3P’s spokesperson told ifa sister brand Cyber Daily on 30 May.

“As 3P Corporation Ltd is a holding company, it does not hold any direct client data. We have since conducted a review of our systems with the aim to further strengthen our controls.”

The incident and a report of 3P’s investigations have been provided to the Australian Signals Directorate’s Australian Cyber Security Centre, and 3P’s spokesperson said that “staff were informed and any potential clients were made aware” of the incident.

However, the information published by Space Bears includes hundreds of authority to deduct funds forms relating to tax returns, complete with full bank details and customer signatures, trust account statements and remittance advices, all on 3P letterhead and in a folder labelled 3P accounting and tax trust account.

Employee payslips are included in the leak, as well as internal document templates, and files relating to more than 4,500 business service clients, including correspondence, tax returns and signed deeds. One document holds more than 2,700 tax file numbers.

Cyber Daily has only made a brief assay of the full dataset, which includes a total of 30 folders of company data.

Space Bears is another relatively new group, first appearing in April 2024. The gang is thought to be based in Russia and has since then claimed 71 victims. Its most recent Australian victim was NSW charity Christian Community Aid, which fell victim to Space Bears’ depredations in January 2025.

3P describes itself as a “boutique financial services aggregate in the heart of Melbourne's finance district”. It was founded in 2013 by author and TV personality Peter Ziggy and provides accounting and tax services, financial planning and legal advice, and human resources services.