May 2026 So Far

Claim Status: Confirmed = Acknowledged by organisation/public statement/regulator | Published = Published in mainstream or reputable media | Claim = Leak-site claim only, unverified | Withdrawn = The claim has been withdrawn | Denied = The victim has formally denied the claim | Unknown = No corroborating evidence has been found

Claim 28-May-26 AU VIC
[Unconfirmed] Qilin ransomware group has claimed to have claimed to havce breached Victorian farmers group
An unverified report from the Qilin group claims to have breached the Tripod Framers Group, a Victorian family business of fourth-generation farmers.

Claim 28-May-26 AU QLD
[Unconfirmed] Queensland-based taxation and business advisory firm has been reported to have been breached by ransomware group Qilin
Kennedy, McLaughlin & Associates has been listed on breach sites by Qilin; currently, no details are available.

Published 28-May-26 AU VIC
Exclusive: Victorian retail logistics firm allegedly breached by DragonForce
QLS Group is a large appliance logistics services provider. DragonForce ransomware gang claims to have exfiltrated 554.65 gigabytes of data.

Published 27-May-26 NZ
Exclusive: New Zealand’s Alpha Group Holdings allegedly hacked
The Qilin ransomware group have claimed to have "sensitive data" from Auckland-based health supplement producer, Alpha Group Holdings

Published 26-May-26 AU VIC
Exclusive: Marketing and merchandise firm Branded Products listed by Qilin ransomware
A Melbourne-based branded merchandise supplier, Branded Products, has been listed as a victim of hacking by the Qilin ransomware-as-a-service operation.

Published 25-May-26 AU VIC
Exclusive: Victorian regional newspaper allegedly hacked by ransomware group
The Brain Cipher ransomware group has listed The Adviser – a newspaper and media outlet serving the Shepparton area in regional Victoria – as a hacking victim on its darknet leak site.

Confirmed 22-May-26 AU NSW
State Library of NSW responding to April cyber intrusion
The State Library of NSW has said it expects to have its full range of services back online by 29 May, as it continues to handle the fallout from an April cyber incident.

Confirmed 19-May-26 AU VIC
Exclusive: Major cleaning and facility services firm confirms third-party cyber incident
Major private cleaning and facility services firm Menzies Group has confirmed a cyber incident that occurred after a third-party IT provider was breached.

Published 17-May-26 AU VIC
Exclusive: INC Ransom claims cyber attack on Australian engineering service company
Threat actors INC Ransom have claimed responsibility for a cyberattack on an Australian engineering solutions company, Metaval, and are threatening to publish data they allegedly exfiltrated.

Published 15-May-26 AU VIC
Exclusive: Hospitality IT provider allegedly breached by Qilin
Bluize is an IT supplier of hospitality solutions for pubs, bars, restaurants, and gaming venues. Threat actor Qilin has claimed responsibility for a cyberattack on an Australian hospitality and gaming industry supplier, having listed the firm on the dark web.

Published 17-May-26 AU NSW
Exclusive: Australian College of Business Intelligence investigating Qilin ransomware claims
The Australian College of Business Intelligence (ACBI) has said it is aware of claims by the ransomware group Qilin and is actively investigating a potential cyber incident.

Confirmed 14-May-26 AU TAS
Exclusive: Tassie hospitality group confirms CMD Organisation ransomware attack
A new hacking group targets Devonport-based Goodstone Group, compromising employee passports in the attack.

Claim 13-May-26 AU
[Unconfirmed] Stormous Ransomware group has claimed to have breached VSP Security Wholesale
Video Security Products has been Australia’s most trusted provider of video security for over 30 years.

Confirmed 13-May-26 AU WA
Scope Systems confirms cyber incident, says no data loss occurred
Western Australia-based software deployment specialist and reseller Scope Systems has disclosed a cyber incident but said no data loss occurred. The company posted a statement on 6 May, confirming that it had detected malicious activity.

Published 12-May-26 AU VIC
Exclusive: Aussie firm Earth Systems listed by INC Ransom hacking group
The hackers INC Ransom listed the Victoria-based Earth Systems in a 7 May post to their darknet leak site, claiming to have stolen at least 600 gigabytes of company data, including, according to INC Ransom, “full corp data, nda client contract project” information.

Confirmed 12-May-26 AU VIC
Institute of Public Accountants members hit by data breach
Members of the Institute of Public Accountants received an email last week after the names and member numbers were leaked. The body has stressed that the breach did not include any personal information.

Published 11-May-26 AU NSW
Exclusive: Aussie toy distributor listed by M3rx ransomware
"An Australian toy distributor KBToys, with an extensive eBay presence is the latest Australian victim claimed by a newcomer ransomware gang, M3rx.
Ransomware notification sites claim to have exfiltrated 140 gigabytes of data, spanning nearly 37,000 files."

Published 11-May-26 AU NSW
Exclusive: Australian Computer Society investigating possible breach after ShinyHunters hack claims
The Australian Computer Society (ACS) has responded to claims made by the hackers behind last week’s Instructure education breach.

Published 07-May-26 AU QLD
Exclusive: Aussie car parts importer Strategic Imports allegedly breached by threat actors
Threat actors have claimed responsibility for a cyberattack on a Queensland automotive parts importer, Strategic Imports, alleging they exfiltrated data from its network.

Confirmed 07-May-26 AU QLD
Qld gov says students, staff caught in Canvas cyber incident
"Education Queensland says that students and staff working or studying at state schools since 2020 may have been caught up in a breach of the global education systems vendor, Instructure. Multiple institutions, including RMIT University, UTS, TasTAFE Tasmania and Western Sydney University, were urgently assessing their potential exposure to the incident."

Claim 06-May-26 NZ
[Unconfirmed] Ransomware group The Gentlemen has claimed to have breached New Zealand sporting distributor Worralls
W.H. Worrall & Co. Limited (Worralls) is New Zealand's leading distributor of world-class cycling and sporting brand

Confirmed 06-May-26 AU QLD
Hacked: ALS discloses cyber incident, unauthorised access to IT systems
Queensland-based scientific testing company ALS recently reported to the ASX that it "identified malicious cyber activity involving unauthorised third-party access to some of our IT systems.” No details are available on the incident.

Published 06-May-06 AU NSW
Exclusive: Australian energy management firm allegedly breached by SafePay
Threat actor SafePay has claimed responsibility for a cyberattack on an NSW energy management and consulting firm, Energy Action, threatening to release allegedly stolen data within a number of days.

Confirmed 05-May-26 AU NSW
Exclusive: Champion Homes confirms customer data compromised in ‘cyber event’
Australian home builder Champion Homes has confirmed it was recently the victim of a cyber attack that exposed a limited amount of employee and customer data. DragonForce ransomware operation threatened to publish a 44-gigabyte dataset on the dark web.

Confirmed 04-May-26 AU NSW
Exclusive: Major Australian jewellery brand confirms cyber incident
Gregory Jewellers is an Australian-owned retailer that specialises in fine jewellery, watches, and accessories. The company was listed on the Kairos ransomware gang's dark web leak site, which claimed to have stolen 574 gigabytes of data from it.

Confirmed 04-May-26 NZ
Exclusive: Kiwi firm, McKay electrical contractor, confirms cyber attack
McKay, one of New Zealand’s largest privately owned electrical contractors, has confirmed it was the victim of a cyber attack in January, after it was listed as a victim on the darknet leak site of a newly emerged ransomware group.

Claim 01-May-26 AU
[Unconfirmed] Fulcrumsec claims breach of YOUX / DRIVE IQ, formerly known as Drive IQ, is an Australian technology company specialising in connected vehicle data and mobility intelligence.

Published 01-May-26 AU NSW
Exclusive: Prime Properties listed as breach victim by M3rx ransomware
Hackers are alleged to have stolen more than 80,000 documents totalling 100 gigabytes of data from a Sydney-based property investment firm, Prime Properties.

If you believe any information in this post is inaccurate or incomplete, please contact us so we can review the matter. Parties with additional relevant information relating to the incident are also invited to get in touch.

New complete timeline of Australian Timeline Incidents and Audits

View all quotes