Funlab confirmed it is looking into a security breach after ransomware group Lynx listed the company on its leak site yesterday.
The Australian-headquartered company told 9news.com.au its IT systems were impacted between September 20-22.
Funlab said customer data was not accessed during the breach.
It has reported the incident to the Australian Signals Directorate’s Australian Cyber Security Centre and the Office of the Australian Information Commissioner.
“Funlab can confirm that it is investigating a cyber-security incident that affected some of its IT systems on Friday, Saturday and Sunday the 20th-22nd of September,” Funlab told 9news.com.au in a statement.
“All operations were returned to business as usual within 48 hours. Funlab has engaged with appropriate regulatory authorities.
“Detailed work has been completed and, while continuing with the assistance of our external experts, Funlab does not believe guest data has been accessed and that only a small number of current and former employees – in the low double digits – have had limited information accessed.
“Some of that information is redundant given the expiry dates of the data.”
The statement continued: “Funlab has reached out to any employee past or present that it considers may have had any data accessed and is providing the appropriate assistance.”
Lynx claimed it breached Funlab’s internal systems with images shared onto its website overnight.
Funlab owns and operates eight brands across Australia, NZ and the US and has around 2500 employees.
It is owned by private equity player TPG.
Funlab’s brands include Strike Bowling, Holey Moley, Archie Brothers, La Di Darts and most recently Hijynx Hotel.
9news.com.au has contacted the Australian Federal Police for comment.