Australian Cyber Aware - As It Was 2604 - May 2026. Aggregated listing of Australian and New Zealand cybersecurity, privacy, and AI risks developments identified during May 2026. It includes cybersecurity incidents, regulatory updates, news stories, audit findings, and broader industry developments relevant to business and government audiences.
Aussie video security firm VSP Solutions says it has contained the incident after hackers claimed to have stolen and published 40 gigabytes of … [...]
MIFF releases statement after hacker claims to have breached the details of more than 340,000 customers. • Mon, 01 Jun 2026 • Security *]:clear-none … [...]
The Ministry of Health admits that a cyber attack that exposed highly sensitive patient information should never have happened. An independent review has found major gaps in security controls, weak [...]
On 18 May 2026, the Office of the Australian Information Commissioner (OAIC) released its Issues Paper on the new automated decision-making (ADM) … [...]
Australian Prudential Regulation Authority’s (APRA) call for a step change in managing AI risk is not fundamentally new. It reflects the familiar … [...]
For many organisations, the privacy challenge is no longer understanding the law. It is about demonstrating, with evidence, that personal information … [...]
Queensland-based firm Kennedy McLaughlin says it has notified impacted individuals as hackers publish client financial and banking data online. • Fri, … [...]
The federal government has told its agencies that the answer to frontier artificial intelligence (AI) compressing attack timelines from days to hours … [...]
Dr Kate Conroy has been chosen as the inaugural general manager of Australia's AI Safety Institute. The institute is a new government body within the Department of Industry, Science and [...]
The Australian Bureau of Statistics (ABS) must strengthen its cybersecurity preparedness ahead of the 2026 Census in August, an audit of the … [...]
Government outlines its plan to streamline dispute resolution processes to ensure “responses are appropriate without imposing unnecessary burden on … [...]
Threat actors have claimed a cyber incident impacting a Victoria-based logistics firm, claiming to have stolen over half a terabyte of data. • Thu, 28 … [...]
Claim Status: Confirmed = Acknowledged by organisation/public statement/regulator | Published = Published in mainstream or reputable media | Claim = Leak-site claim only, unverified | Withdrawn = The claim has been withdrawn | Denied = The victim has formally denied the claim | Unknown = No corroborating evidence has been found
Confirmed 01-Jun-26 AU VIC
Hacked! Melbourne International Film Festival responding to cyber incidents
The Melbourne International Film Festival has said it is responding to a pair of cyber incidents that have affected its 340 000 customers' data.
Confirmed 01-Jun-26 AU NSW
Exclusive: VSP Solutions responding to Stormous ransomware attack
Aussie video security firm VSP Solutions says it has contained the incident after hackers claimed to have stolen and published 40 gigabytes of company data.
If you believe any information in this post is inaccurate or incomplete, please contact us so we can review the matter. Parties with additional relevant information relating to the incident are also invited to get in touch.
Australian Medical Ransomware Attack, 06 Jun 2025: Victorian based Ascot Vale Health Group targeted by Global ransomware group. Global ransomware group has so far not listed how much data it has allegedly stolen or what kind of data may have been compromised.
Australian Racing Industry Ransomware Attack, 05 Jun 2025: Victorian based RISE Racing confirms Sarcoma ransomware attack. Reports indicate that 1.6GB of sensitive data was stolen, including: Banking details, financial records, participant personal information and operational data related to the racing industry.
Australian Accounting Firm Ransomware Attack, 16 May 2025: Victorian MKA Accountants confirms Qilin ransomware attack. Qilin published 12 documents as part of its leak post, including internal correspondence, financial statements, and insurance information
Australian Cyber Incident – Court Data Breach, 26 March 2025: NSW court website involved in major data breach, 9,000 documents downloaded. Man charged in connection with court document data breach.
Incident – Law Firm Ransomware Attack, 13 March 2025: Prominent Sydney law firm Brydens Lawyers reveals a serious cyber incident in the wake of a February intrusion into its network. More than 600 gigabytes of data – including case, client, and staff data – was stolen in the incident.
NZ Incident – Ransomware Attack, 28 February 2025: DragonForce Ransomware Targets Kiwi Car Dealership Tristram European. The attackers claim to have stolen over 30 gigabytes of sensitive data, including customer information and financial records.
Updated Incident – Medical Data Breach, 19 February 2025: Australian IVF provider Genea in cyber incident. Genea patients frustrated by lack of communication amid data breach.
Incident – University Ransomware Attack, 16 February 2025: Australian National University investigating alleged cyber attack by FSociety ransomware group. No ransom amount was given; however, society is threatening to publish the data within seven days.
NZ Incident – Medical Ransomware Attack, 13 February 2025: KillSec claims ransomware attack on New Zealand based Obex Medical. While the exact details of the breach remain unclear, this latest incident highlights the persistent threat of ransomware groups, particularly those focused on industries like healthcare.
Updated AU Incident – Education Cyber Attack, 04 February 2025: The University of Notre Dame Australia in Western Australia confirms cyber incident. Claims are that 62.3 Gb of data was exfiltrated. Containing employee and student contact data, medical documents, confidential agreements and licenses. Problems with enrolling and accessing class timetables, weeks after a cyber attack
Quotes and Memes: "Complexity creates confusion, simplicity focus." - Edward de Bono
