May 2026 So Far

Claim Status: Confirmed = Acknowledged by organisation/public statement/regulator | Published = Published in mainstream or reputable media | Claim = Leak-site claim only, unverified | Withdrawn = The claim has been withdrawn | Denied = The victim has formally denied the claim | Unknown = No corroborating evidence has been found

Claim 08-May-26 AU VIC
[Unconfirmed] Incransom claims to have hacked an Australian-based environmental solutions company, Earth Systems
Earth Systems is an environmental and social science and engineering company that develops and implements innovative and effective environmental, water, and sustainability solutions worldwide. 

Published 07-May-26 AU QLD
Exclusive: Aussie car parts importer Strategic Imports allegedly breached by threat actors
Threat actors have claimed responsibility for a cyberattack on a Queensland automotive parts importer, Strategic Imports, alleging they exfiltrated data from its network.

Confirmed 07-May-26 AU QLD
Qld gov says students, staff caught in Canvas cyber incident
"Education Queensland says that students and staff working or studying at state schools since 2020 may have been caught up in a breach of the global education systems vendor, Instructure. Multiple institutions, including RMIT University, UTS, TasTAFE Tasmania and Western Sydney University, were urgently assessing their potential exposure to the incident."

Claim 06-May-26 NZ
[Unconfirmed] Ransomware group The Gentlemen has claimed to have breached New Zealand sporting distributor Worralls
W.H. Worrall & Co. Limited (Worralls) is New Zealand's leading distributor of world-class cycling and sporting brand

Confirmed 06-May-26 AU QLD
Hacked: ALS discloses cyber incident, unauthorised access to IT systems
Queensland-based scientific testing company ALS recently reported to the ASX that it "identified malicious cyber activity involving unauthorised third-party access to some of our IT systems.” No details are available on the incident.

Published 06-May-06 AU NSW
Exclusive: Australian energy management firm allegedly breached by SafePay
Threat actor SafePay has claimed responsibility for a cyberattack on an NSW energy management and consulting firm, Energy Action, threatening to release allegedly stolen data within a number of days.

Claim 06-May-26 AU NSW
[Unconfirmed] M3rx claimed to have exfiltrated 140 gigabytes of data from Australian toy retail company KB Toys.
KB Toys is a retail company based in Australia that sells toys, games, and children’s entertainment products.
Ransomware notification sites reported that M3rx had successfully infiltrated kbtoys.com.au on May 6. The attackers claim to have exfiltrated 140 gigabytes of data, spanning nearly 37,000 files.

Confirmed 05-May-26 AU NSW
Exclusive: Champion Homes confirms customer data compromised in ‘cyber event’
Australian home builder Champion Homes has confirmed it was recently the victim of a cyber attack that exposed a limited amount of employee and customer data. DragonForce ransomware operation threatened to publish a 44-gigabyte dataset on the dark web.

Confirmed 04-May-26 AU NSW
Exclusive: Major Australian jewellery brand confirms cyber incident
Gregory Jewellers is an Australian-owned retailer that specialises in fine jewellery, watches, and accessories. The company was listed on the Kairos ransomware gang's dark web leak site, which claimed to have stolen 574 gigabytes of data from it.

Confirmed 04-May-26 NZ
Exclusive: Kiwi firm, McKay electrical contractor, confirms cyber attack
McKay, one of New Zealand’s largest privately owned electrical contractors, has confirmed it was the victim of a cyber attack in January, after it was listed as a victim on the darknet leak site of a newly emerged ransomware group.

Claim 01-May-26 AU
[Unconfirmed] Fulcrumsec claims breach of YOUX / DRIVE IQ, formerly known as Drive IQ, is an Australian technology company specialising in connected vehicle data and mobility intelligence.

Published 01-May-26 AU NSW
Exclusive: Prime Properties listed as breach victim by M3rx ransomware
Hackers are alleged to have stolen more than 80,000 documents totalling 100 gigabytes of data from a Sydney-based property investment firm, Prime Properties.

If you believe any information in this post is inaccurate or incomplete, please contact us so the matter can be reviewed. Parties with additional relevant information relating to the incident are also invited to get in touch.

New complete timeline of Australian Timeline Incidents and Audits

View all quotes