Stormous Ransomware Group Targets NSW-Based VSP Solutions in Data Breach A New South Wales-based distributor of video security products, VSP Solutions, has confirmed a cyber incident after being listed as a victim on the Stormous ransomware group’s darknet leak site on 23 May 2026. The hackers claimed to have exfiltrated over 40GB of sensitive data, including financial backups (QuickBooks & Reckon), email archives, staff personal folders, customer databases, and shipment tracking records for major brands like Hikvision and Axis. The stolen data was briefly published on a file-sharing platform before being removed due to a terms-of-service violation. VSP Solutions acknowledged the breach on 13 May 2026, stating that the incident did not disrupt business operations and that the compromised data was historical, linked to a related entity. The company has engaged forensic experts and cybersecurity advisors to contain the breach, notified law enforcement and Australian government agencies, and is cooperating with ongoing investigations. VSP Solutions has pledged transparency with clients and stakeholders as it assesses the full scope of the attack. Stormous, a pro-Russian ransomware-as-a-service (RaaS) group active since 2022, has claimed over 140 victims globally, primarily targeting technology and business services sectors in the U.S., Spain, UAE, and France. Known for double extortion tactics, the group encrypts data and threatens leaks to pressure victims. After a six-month lull, VSP Solutions is among its recent targets. VSP Solutions, headquartered in Minchinbury, NSW, has distributed video security products since 1993, serving clients across Australia with access control and cloud surveillance solutions.