Australian Cyber Aware - As It Was 2605 - May 2026. Aggregated listing of Australian and New Zealand cybersecurity, privacy, and AI risks developments identified during May 2026. It includes cybersecurity incidents, regulatory updates, news stories, audit findings, and broader industry developments relevant to business and government audiences.
Melbourne International Film Festival (MIFF) customers have received strange texts and emails after a data leak linked to the event's third-party … [...]
The same threat actor behind the MIFF and ACMI breaches continues to target Australian organisations in a hacking spree. • Thu, 04 Jun 2026 • … [...]
Australian luxury and lifestyle fashion brand Camilla has confirmed a cyber incident, leading to company data theft by a threat actor. • Thu, 04 Jun … [...]
The same hacker who claimed to have compromised the Melbourne International Film Festival has published the alleged data of more than 25,000 ACMI … [...]
NZ news The Privacy Commissioner found both entities failed to implement reasonable security safeguards to protect 100,000 patients. Watchdog slams … [...]
Melbourne’s most popular annual film festival has suffered a security incident impacting the personal information of nearly 27,000 filmgoers. On … [...]
Effective use of AI is contingent on maintaining a stable balance between planning, governance and cybersecurity. Boards are right to push hard on AI … [...]
Australia and Japan have accelerated their existing defence partnership through recent collaborative efforts surrounding cyber command, control and … [...]
The same hacker who allegedly compromised the Melbourne International Film Festival has posted customer records from a catering firm that serves … [...]
A scammer’s attempt to sell a $900,000 vacant plot of land they did not own has failed, after suspicious emails put multiple West Australian … [...]
This monthly review provides a curated summary of Australian and New Zealand cyber, privacy, and information security developments identified during … [...]
Aussie video security firm VSP Solutions says it has contained the incident after hackers claimed to have stolen and published 40 gigabytes of … [...]
Claim Status: Confirmed = Acknowledged by organisation/public statement/regulator | Published = Published in mainstream or reputable media | Claim = Leak-site claim only, unverified | Withdrawn = The claim has been withdrawn | Denied = The victim has formally denied the claim | Unknown = No corroborating evidence has been found
Confirmed 01-Jun-26 AU VIC
Hacked! Melbourne International Film Festival responding to cyber incidents
The Melbourne International Film Festival has said it is responding to a pair of cyber incidents that have affected its 340 000 customers' data.
Confirmed 01-Jun-26 AU NSW
Exclusive: VSP Solutions responding to Stormous ransomware attack
Aussie video security firm VSP Solutions says it has contained the incident after hackers claimed to have stolen and published 40 gigabytes of company data.
If you believe any information in this post is inaccurate or incomplete, please contact us so we can review the matter. Parties with additional relevant information relating to the incident are also invited to get in touch.
Australian Medical Ransomware Attack, 06 Jun 2025: Victorian based Ascot Vale Health Group targeted by Global ransomware group. Global ransomware group has so far not listed how much data it has allegedly stolen or what kind of data may have been compromised.
Australian Racing Industry Ransomware Attack, 05 Jun 2025: Victorian based RISE Racing confirms Sarcoma ransomware attack. Reports indicate that 1.6GB of sensitive data was stolen, including: Banking details, financial records, participant personal information and operational data related to the racing industry.
Australian Accounting Firm Ransomware Attack, 16 May 2025: Victorian MKA Accountants confirms Qilin ransomware attack. Qilin published 12 documents as part of its leak post, including internal correspondence, financial statements, and insurance information
Australian Cyber Incident – Court Data Breach, 26 March 2025: NSW court website involved in major data breach, 9,000 documents downloaded. Man charged in connection with court document data breach.
Incident – Law Firm Ransomware Attack, 13 March 2025: Prominent Sydney law firm Brydens Lawyers reveals a serious cyber incident in the wake of a February intrusion into its network. More than 600 gigabytes of data – including case, client, and staff data – was stolen in the incident.
NZ Incident – Ransomware Attack, 28 February 2025: DragonForce Ransomware Targets Kiwi Car Dealership Tristram European. The attackers claim to have stolen over 30 gigabytes of sensitive data, including customer information and financial records.
Updated Incident – Medical Data Breach, 19 February 2025: Australian IVF provider Genea in cyber incident. Genea patients frustrated by lack of communication amid data breach.
Incident – University Ransomware Attack, 16 February 2025: Australian National University investigating alleged cyber attack by FSociety ransomware group. No ransom amount was given; however, society is threatening to publish the data within seven days.
NZ Incident – Medical Ransomware Attack, 13 February 2025: KillSec claims ransomware attack on New Zealand based Obex Medical. While the exact details of the breach remain unclear, this latest incident highlights the persistent threat of ransomware groups, particularly those focused on industries like healthcare.
Updated AU Incident – Education Cyber Attack, 04 February 2025: The University of Notre Dame Australia in Western Australia confirms cyber incident. Claims are that 62.3 Gb of data was exfiltrated. Containing employee and student contact data, medical documents, confidential agreements and licenses. Problems with enrolling and accessing class timetables, weeks after a cyber attack
Quotes and Memes: "Complexity creates confusion, simplicity focus." - Edward de Bono
