Australian Cyber Aware - As It Was 2604 - April 2026. This monthly review provides a curated summary of Australian and New Zealand cyber, privacy, and information security developments identified during April 2026. It includes a cross-section of incidents, regulatory updates, audit findings, and broader industry developments relevant to business and government audiences.
Western Australia-based software deployment specialist and reseller Scope Systems has disclosed a cyber incident but said no data loss occurred. • … [...]
The hackers behind the global Canvas LMS breach have said they are no longer “seeking money” from any victim. • Wed, 13 May 2026 • … [...]
The federal government has bucked expectations with a large amount of investment into sustaining technology projects, headlined by $654m for Digital … [...]
The hacking group that targeted the Canvas educational tool and the parent company that owns the software struck a deal to secure stolen student … [...]
The parent company of Canvas, the online learning platform used by hundreds of thousands of Australian students and teachers, has struck a deal with … [...]
Datacom's Adam Kirkpatrick on the growing threat from cyber attacks and what organisations need to do to protect themselves. Video / Herald NOW Business Subscribe and be notified of breaking [...]
A cybersecurity breach affecting 200 million people and more than 9,000 institutions worldwide has hit students and teachers across Queensland's education sector. | *Subscribe and 🔔: http://9Soci.al/KM6e50GjSK9* *Get more breaking [...]
As usual Australia's latest Federal Budget has made some losers, and other winners. Here's where the nation stands on cyber security spending and … [...]
Members of the Institute of Public Accountants received an email last week after the names and member numbers were leaked. The body has stressed that … [...]
An environmental, social science, and engineering company suffers an alleged 600-gigabyte data breach; tax invoices, NDA’s, and contracts already … [...]
We are a leading Australian law firm. With more than 140 partners, we have depth and breadth of expertise and service corporate, public sector and … [...]
Agencies are increasingly considering or deploying surveillance technologies to manage security, safety, productivity and risk. These technologies … [...]
Claim Status: Confirmed = Acknowledged by organisation/public statement/regulator | Published = Published in mainstream or reputable media | Claim = Leak-site claim only, unverified | Withdrawn = The claim has been withdrawn | Denied = The victim has formally denied the claim | Unknown = No corroborating evidence has been found
Confirmed 13-May-26 AU WA
Scope Systems confirms cyber incident, says no data loss occurred
Western Australia-based software deployment specialist and reseller Scope Systems has disclosed a cyber incident but said no data loss occurred. The company posted a statement on 6 May, confirming that it had detected malicious activity.
Published 12-May-26 AU VIC
Exclusive: Aussie firm Earth Systems listed by INC Ransom hacking group
The hackers INC Ransom listed the Victoria-based Earth Systems in a 7 May post to their darknet leak site, claiming to have stolen at least 600 gigabytes of company data, including, according to INC Ransom, “full corp data, nda client contract project” information.
Published 11-May-26 AU NSW
Exclusive: Aussie toy distributor listed by M3rx ransomware
"An Australian toy distributor, KBToys, with an extensive eBay presence, is the latest Australian victim claimed by a newcomer ransomware gang, M3rx.
Ransomware notification sites claim to have exfiltrated 140 gigabytes of data, spanning nearly 37,000 files."
Published 07-May-26 AU QLD
Exclusive: Aussie car parts importer Strategic Imports allegedly breached by threat actors
Threat actors have claimed responsibility for a cyberattack on a Queensland automotive parts importer, Strategic Imports, alleging they exfiltrated data from its network.
Confirmed 07-May-26 AU QLD
Qld gov says students, staff caught in Canvas cyber incident
"Education Queensland says that students and staff working or studying at state schools since 2020 may have been caught up in a breach of the global education systems vendor, Instructure. Multiple institutions, including RMIT University, UTS, TasTAFE Tasmania and Western Sydney University, were urgently assessing their potential exposure to the incident."
Claim 06-May-26 NZ
[Unconfirmed] Ransomware group The Gentlemen has claimed to have breached New Zealand sporting distributor Worralls
W.H. Worrall & Co. Limited (Worralls) is New Zealand's leading distributor of world-class cycling and sporting brand
Confirmed 06-May-26 AU QLD
Hacked: ALS discloses cyber incident, unauthorised access to IT systems
Queensland-based scientific testing company ALS recently reported to the ASX that it "identified malicious cyber activity involving unauthorised third-party access to some of our IT systems.” No details are available on the incident.
Published 06-May-06 AU NSW
Exclusive: Australian energy management firm allegedly breached by SafePay
Threat actor SafePay has claimed responsibility for a cyberattack on an NSW energy management and consulting firm, Energy Action, threatening to release allegedly stolen data within a number of days.
Confirmed 05-May-26 AU NSW
Exclusive: Champion Homes confirms customer data compromised in ‘cyber event’
Australian home builder Champion Homes has confirmed it was recently the victim of a cyber attack that exposed a limited amount of employee and customer data. DragonForce ransomware operation threatened to publish a 44-gigabyte dataset on the dark web.
Confirmed 04-May-26 AU NSW
Exclusive: Major Australian jewellery brand confirms cyber incident
Gregory Jewellers is an Australian-owned retailer that specialises in fine jewellery, watches, and accessories. The company was listed on the Kairos ransomware gang's dark web leak site, which claimed to have stolen 574 gigabytes of data from it.
Confirmed 04-May-26 NZ
Exclusive: Kiwi firm, McKay electrical contractor, confirms cyber attack
McKay, one of New Zealand’s largest privately owned electrical contractors, has confirmed it was the victim of a cyber attack in January, after it was listed as a victim on the darknet leak site of a newly emerged ransomware group.
Claim 01-May-26 AU
[Unconfirmed] Fulcrumsec claims breach of YOUX / DRIVE IQ, formerly known as Drive IQ, is an Australian technology company specialising in connected vehicle data and mobility intelligence.
Published 01-May-26 AU NSW
Exclusive: Prime Properties listed as breach victim by M3rx ransomware
Hackers are alleged to have stolen more than 80,000 documents totalling 100 gigabytes of data from a Sydney-based property investment firm, Prime Properties.
If you believe any information in this post is inaccurate or incomplete, please contact us so we can review the matter. Parties with additional relevant information relating to the incident are also invited to get in touch.
Australian Medical Ransomware Attack, 06 Jun 2025: Victorian based Ascot Vale Health Group targeted by Global ransomware group. Global ransomware group has so far not listed how much data it has allegedly stolen or what kind of data may have been compromised.
Australian Racing Industry Ransomware Attack, 05 Jun 2025: Victorian based RISE Racing confirms Sarcoma ransomware attack. Reports indicate that 1.6GB of sensitive data was stolen, including: Banking details, financial records, participant personal information and operational data related to the racing industry.
Australian Accounting Firm Ransomware Attack, 16 May 2025: Victorian MKA Accountants confirms Qilin ransomware attack. Qilin published 12 documents as part of its leak post, including internal correspondence, financial statements, and insurance information
Australian Cyber Incident – Court Data Breach, 26 March 2025: NSW court website involved in major data breach, 9,000 documents downloaded. Man charged in connection with court document data breach.
Incident – Law Firm Ransomware Attack, 13 March 2025: Prominent Sydney law firm Brydens Lawyers reveals a serious cyber incident in the wake of a February intrusion into its network. More than 600 gigabytes of data – including case, client, and staff data – was stolen in the incident.
NZ Incident – Ransomware Attack, 28 February 2025: DragonForce Ransomware Targets Kiwi Car Dealership Tristram European. The attackers claim to have stolen over 30 gigabytes of sensitive data, including customer information and financial records.
Updated Incident – Medical Data Breach, 19 February 2025: Australian IVF provider Genea in cyber incident. Genea patients frustrated by lack of communication amid data breach.
Incident – University Ransomware Attack, 16 February 2025: Australian National University investigating alleged cyber attack by FSociety ransomware group. No ransom amount was given; however, society is threatening to publish the data within seven days.
NZ Incident – Medical Ransomware Attack, 13 February 2025: KillSec claims ransomware attack on New Zealand based Obex Medical. While the exact details of the breach remain unclear, this latest incident highlights the persistent threat of ransomware groups, particularly those focused on industries like healthcare.
Updated AU Incident – Education Cyber Attack, 04 February 2025: The University of Notre Dame Australia in Western Australia confirms cyber incident. Claims are that 62.3 Gb of data was exfiltrated. Containing employee and student contact data, medical documents, confidential agreements and licenses. Problems with enrolling and accessing class timetables, weeks after a cyber attack
Quotes and Memes: "There are two types of companies: those who have been hacked, and those who don’t yet know they have been hacked" - John Chambers
