Australian Cyber Aware - As It Was 2605 - May 2026. Aggregated listing of Australian and New Zealand cybersecurity, privacy, and AI risks developments identified during May 2026. It includes cybersecurity incidents, regulatory updates, news stories, audit findings, and broader industry developments relevant to business and government audiences.
A determination issued by the Australian Privacy Commissioner Carly Kind found Optus interfered with the privacy of individuals whose personal … [...]
Investigations into the incident are ongoing, but the school warns that IT systems are expected to be offline for some time. • Thu, 11 Jun 2026 • … [...]
More than 110,000 customer records have been allegedly published on a popular hacking forum, with dozens seeking to access the data. • Thu, 11 Jun … [...]
As tens of thousands of Australians line up to buy shares in Elon Musk's SpaceX blockbuster public offering, Australian government officials are … [...]
New Zealand has been given access to a frontier AI model that is deemed too dangerous for general release. Catriona Robinson, Deputy Director General … [...]
From 1 July, when you get a text claiming to be from the Australian Taxation Office, Australia Post or any other organisation, the first thing to … [...]
An Australian online and in-store women’s lingerie, swimwear and underwear retailer has allegedly been breached following claims made by a threat … [...]
Cases of mistaken identity can happen to anyone, but you’d think that at least hackers could work out who they’re hacking. • Wed, 10 Jun 2026 • … [...]
Thirteen government agencies are caught up in an expanding scandal involving potential data breaches, prompting calls for an urgent audit due to concerns over national security. Earlier in 2026, embattled [...]
The Australian Financial Complaints Authority will become the nation’s single external dispute resolution body for scam complaints, expanding its … [...]
Australian luxury make-up and cosmetics brand Napoleon Perdis has allegedly suffered a cyber incident after a threat actor claimed responsibility for … [...]
Some of Australia's biggest companies - along with national security agencies - are reportedly getting access to the frontier AI platform that's been deemed by its creator to be too [...]
Claim Status: Confirmed = Acknowledged by organisation/public statement/regulator | Published = Published in mainstream or reputable media | Claim = Leak-site claim only, unverified | Withdrawn = The claim has been withdrawn | Denied = The victim has formally denied the claim | Unknown = No corroborating evidence has been found
Published 09-Jun-26 AU VIC
Exclusive: Aussie farming group launches investigation following Qilin cyber attack claims
Late last month, Tripod Farmers was listed online by the Qilin ransomware group. According to threat feeds observed by Cyber Daily, the incident occurred around 17 February 2026, suggesting that the threat actor has had access for an extended period.
Published 09-Jun-26 AU NSW
Exclusive: 2019 claims cyber incident on Aussie ASX and financial market research firm
Over the weekend (6 June), threat actor 2019 listed Kalkine Media on an infamous cyber crime forum, claiming to have stolen the personal data of over 2,900 customers
Published 09-Jun-26 AU NSW
Exclusive: Hacker claims breach of Aussie travel agency, FirstClass, 53k customers potentially impacted
2019, a prominent member of a popular underground hacking forum, said in a June 3 post they had gained access to the data of more than 53,300 customers of luxury travel website, FirstClass.com.au.
Denied 08-Jun-26 AU QLD
[Unconfirmed] The initial reports indicate that Qilin ransomware operators publicly listed The Banyans Health and Wellness as a compromised entity
A World-Renowned Discreet, Private Rehab in Brisbane’s Hinterland, The Banyans Health and Wellness, has turned up on Qilin's listings. Update: Target, as stated, was not the victim.
Claim 08-Jun-26 AU VIC
[Unconfirmed] Ransomware group has claimed to have breached Victorian education tutoring company Kinetic Education
Qilin ransomware operation reportedly targeted Kinetic Education in Australia, encrypting files and disrupting access to critical systems. Technical details remain limited
Denied 05-Jun-26 AU
Exclusive: Centrelink denies hacker claims of cyber attack
A threat actor with a reputation for targeting Australian entities has claimed a cyber attack on government service Centrelink, a claim Centrelink says is false.
Confirmed 04-Jun-26 AU NSW
Australia luxury lifestyle brand Camilla confirms cyber incident
Australian luxury and lifestyle fashion brand Camilla has confirmed a cyber incident, leading to company data theft by a threat actor.
Confirmed 04-Jun-26 AU NSW
Exclusive: MMJ Real Estate allegedly hacked, 17.3k customer records potentially compromised
The personal data of more than 17,300 clients of Australian estate agent MMJ Real Estate has potentially been exposed in a data breach.
Confirmed 03-Jun-26 AU VIC
Exclusive: Hacker claims breach of the Australian Centre for the Moving Image, PII allegedly compromised
A hacker going by the name of 2019 has published what they claim is the personal data of more than 25,000 customers of the Australian Centre for the Moving Image (ACMI) to a hacking forum.
Published 02-Jun-26 AU NSW
Exclusive: Aussie workplace catering firm Hampr suffers alleged 360k record data breach
The Hampr records come in two parts. The first contains customer IDs, names, mobile phone numbers, and account details, while the second part contains dietary information, payment details, billing information, and workspace details.
Confirmed 01-Jun-26 AU VIC
Hacked! Melbourne International Film Festival responding to cyber incidents
The Melbourne International Film Festival has said it is responding to a pair of cyber incidents that have affected its 340 000 customers' data.
Confirmed 01-Jun-26 AU NSW
Exclusive: VSP Solutions responding to Stormous ransomware attack
Aussie video security firm VSP Solutions says it has contained the incident after hackers claimed to have stolen and published 40 gigabytes of company data.
If you believe any information in this post is inaccurate or incomplete, please contact us so we can review the matter. Parties with additional relevant information relating to the incident are also invited to get in touch.
Australian Medical Ransomware Attack, 06 Jun 2025: Victorian based Ascot Vale Health Group targeted by Global ransomware group. Global ransomware group has so far not listed how much data it has allegedly stolen or what kind of data may have been compromised.
Australian Racing Industry Ransomware Attack, 05 Jun 2025: Victorian based RISE Racing confirms Sarcoma ransomware attack. Reports indicate that 1.6GB of sensitive data was stolen, including: Banking details, financial records, participant personal information and operational data related to the racing industry.
Australian Accounting Firm Ransomware Attack, 16 May 2025: Victorian MKA Accountants confirms Qilin ransomware attack. Qilin published 12 documents as part of its leak post, including internal correspondence, financial statements, and insurance information
Australian Cyber Incident – Court Data Breach, 26 March 2025: NSW court website involved in major data breach, 9,000 documents downloaded. Man charged in connection with court document data breach.
Incident – Law Firm Ransomware Attack, 13 March 2025: Prominent Sydney law firm Brydens Lawyers reveals a serious cyber incident in the wake of a February intrusion into its network. More than 600 gigabytes of data – including case, client, and staff data – was stolen in the incident.
NZ Incident – Ransomware Attack, 28 February 2025: DragonForce Ransomware Targets Kiwi Car Dealership Tristram European. The attackers claim to have stolen over 30 gigabytes of sensitive data, including customer information and financial records.
Updated Incident – Medical Data Breach, 19 February 2025: Australian IVF provider Genea in cyber incident. Genea patients frustrated by lack of communication amid data breach.
Incident – University Ransomware Attack, 16 February 2025: Australian National University investigating alleged cyber attack by FSociety ransomware group. No ransom amount was given; however, society is threatening to publish the data within seven days.
NZ Incident – Medical Ransomware Attack, 13 February 2025: KillSec claims ransomware attack on New Zealand based Obex Medical. While the exact details of the breach remain unclear, this latest incident highlights the persistent threat of ransomware groups, particularly those focused on industries like healthcare.
Updated AU Incident – Education Cyber Attack, 04 February 2025: The University of Notre Dame Australia in Western Australia confirms cyber incident. Claims are that 62.3 Gb of data was exfiltrated. Containing employee and student contact data, medical documents, confidential agreements and licenses. Problems with enrolling and accessing class timetables, weeks after a cyber attack
Quotes and Memes: "Complexity creates confusion, simplicity focus." - Edward de Bono
