Reynella East College Data Breach

Alleged

Ransomware claim involving Reynella East College.

Published: Jun 23, 2026
Threat Actor: Interlock
Threat Level: High
Confidence: High

Quick Summary

Company: Reynella East College
Industry: Education
Threat Actor: Interlock
Date of Incident: Jun 23, 2026
Status: Alleged

Executive Summary

Reynella East College, an educational institution in Australia, was listed as a victim by the Interlock ransomware group on June 23, 2026. The listing was observed via SOCRadar’s Dark Web Monitoring service. While the college’s specific industry was not explicitly stated in the listing, its name suggests it is an education provider. Interlock is a ransomware group known to target various sectors including Transportation/Logistics, Public Sector, and Consumer Services, with a primary focus on victims in the United States, but occasionally extending to Australia and Ireland.

Technical Analysis

SOCRadar’s analysis revealed a potential initial access vector through stealer-log telemetry associated with the reynellaec.sa.edu.au domain. The data indicated approximately twenty-one credentials exposed from college portals, including student, teacher, intranet, and library systems. These credentials predominantly used non-corporate usernames and included some official domain addresses. Repeated captures targeted the organization’s ADFS single sign-on endpoint, and instances of credential reuse or compromised sessions were observed. The timeframe of the harvested logs spans from late March to mid-June 2026.

Infostealer-harvested credentials are a common initial access method for ransomware groups like Interlock. Their typical kill chain involves sourcing logs, validating corporate credentials, and using them to gain access to systems before deploying ransomware. While direct confirmation of these credentials being used by Interlock is not provided, the pattern of ADFS authentication and reused accounts is consistent with their modus operandi.

Security recommendations include resetting ADFS-authenticated and third-party staff accounts, enforcing MFA, and advising external users on credential rotation.
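An added example, not part of the original report or of SOCRadar's tooling: one way to sort stealer-log records into the remediation groups recommended above. The records, the `college.example` domain and the bucket names are constructed for illustration, and treating official-domain addresses seen outside ADFS as staff accounts is an assumption.

```python
from collections import defaultdict
from urllib.parse import urlsplit

ORG_DOMAIN = "college.example"  # placeholder for the organisation's own domain

# Constructed sample records: (login URL, username, capture date).
SAMPLE = [
    ("https://sso.college.example/adfs/ls/?wa=wsignin1.0", "j.smith@college.example", "2026-03-28"),
    ("https://sso.college.example/adfs/ls/", "J.Smith@college.example", "2026-05-02"),
    ("https://library.college.example/login", "j.smith@college.example", "2026-05-02"),
    ("https://student.college.example/portal", "kid2011@mail.example", "2026-04-15"),
    ("https://intranet.college.example/", "t.nguyen@college.example", "2026-06-10"),
    ("https://unrelated.example/login", "someone@mail.example", "2026-04-01"),
]

def triage(records, org_domain=ORG_DOMAIN):
    """Group exposed accounts by the remediation each one needs."""
    seen = defaultdict(lambda: {"hosts": set(), "adfs": False})
    for url, user, _date in records:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if host != org_domain and not host.endswith("." + org_domain):
            continue  # capture is for a site outside the organisation
        acct = seen[user.strip().lower()]
        acct["hosts"].add(host)
        # /adfs/ls/ is the AD FS passive sign-in path
        acct["adfs"] |= parts.path.lower().startswith("/adfs/")
    plan = {"reset_adfs": [], "reset_staff": [], "advise_external": [], "reused": []}
    for user, acct in sorted(seen.items()):
        if acct["adfs"]:
            plan["reset_adfs"].append(user)       # captured at the SSO endpoint
        elif user.endswith("@" + org_domain):
            plan["reset_staff"].append(user)      # official address, other portal
        else:
            plan["advise_external"].append(user)  # non-corporate username
        if len(acct["hosts"]) > 1:
            plan["reused"].append(user)           # same login on several portals
    return plan

if __name__ == "__main__":
    for bucket, users in triage(SAMPLE).items():
        print(f"{bucket}: {users}")
```

Accounts in `reused` are the ones to check first for active sessions, since the same login was captured on more than one portal.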
