Words: Yvonne Wang
The Menzies Group has more than 2,200 employees and an annual turnover of nearly $82 million. The group confirmed the unauthorised access occurred through a long term information technology provider.
“We have been responding to a cyber incident involving unauthorised third party access to a limited part of our network, which occurred through an IT service provider with whom we have partnered for a number of years,” a Menzies Group spokesperson told Cyber Daily.
The spokesperson also told Cyber Daily: “As soon as we became aware of the incident, we immediately took steps to prevent any further access to our network and engaged external cyber security experts to assist in our response. They launched an immediate investigation to understand the nature and scope of the incident, and any impact to personal data,”
The company said it has notified the appropriate bodies.
“We have notified the Office of the Australian Information Commissioner (OAIC) and the Australian Cyber Security Centre (ACSC),” the spokesperson told Cyber Daily.
Since then, Menzies Group has engaged external cyber security specialists while investigations continue into the nature and scope of the incident, including any potential impact on personal data.
Menzies Group stated that “the incident affected systems primarily related to internal operational documents rather than client information”.
The incident gained wider attention after details appeared on the dark web leak site linked to the Kirin ransomware gang. Kirin first emerged in August 2022 and operates as a ransomware as a service organisation, with more than 1,800 reported victims worldwide. The group is regarded as one of the most active ransomware threats in 2026. Like many ransomware as a service operations, Kirin works with affiliated groups that carry out attacks in exchange for a share of paid ransom demands. While some claims published on leak sites remain unverified, many have later proven to involve legitimate stolen data.
What it means for your business
For cleaning and facility services businesses, the case highlights a risk that many operators overlook. Companies often rely on networks of third party providers including IT systems, payroll platforms and building management software without fully assessing the cyber security posture of those vendors. A breach at any one of those points can expose employee records, client contracts and operational systems. The cleaning industry, which frequently handles sensitive site access information and staff personal data, presents an increasingly attractive target for cyber criminals.
The incident also demonstrates how cyber security concerns extend well beyond large enterprises. Small and medium sized cleaning companies continue adopting cloud based systems, mobile workforce platforms and digital customer management tools. Without regular security reviews and updated controls, every connected platform creates another possible entry point for attackers.
Australia’s cyber security landscape has grown increasingly hostile in recent years. The facility services sector has been slow to treat cyber risk as a core operational issue instead of a purely technical problem. That mindset now faces mounting pressure to evolve. Cleaning businesses of every size should be asking hard questions of their technology partners. What security certifications do they hold? How quickly would they notify clients of a breach? Do contracts include cyber security obligations?
Reviewing vendor security agreements, requiring suppliers to meet minimum cyber security standards and maintaining a clear incident response plan have become baseline operational expectations across the industry.
A Menzies Group spokesperson said: “In any event, we are systematically working through all our relevant obligations as they relate to a potential cyber event.”
Menzies Group said it will continue updating stakeholders as accurate information becomes available. INCLEAN will report further developments as the investigation progresses.
