Australian Cyber Aware - As It Was 2605 - May 2026. Aggregated listing of Australian and New Zealand cybersecurity, privacy, and AI risks developments identified during May 2026. It includes cybersecurity incidents, regulatory updates, news stories, audit findings, and broader industry developments relevant to business and government audiences.
The government wants to give telcos and cloud providers the power “to enable upstream blocking of cyber threats” as a key action under the second … [...]
Australian luxury make-up and cosmetics brand Napoleon Perdis has allegedly suffered a cyber incident after a threat actor claimed responsibility for … [...]
An Australian online and in-store women’s lingerie, swimwear and underwear retailer has allegedly been breached following claims made by a threat … [...]
Investigations into the incident are ongoing, but the school warns that IT systems are expected to be offline for some time. • Thu, 11 Jun 2026 • … [...]
Services Australia has disclosed a privacy incident it detected last month, which led to the halting of the printing of pensioner concession cards. • … [...]
The university’s Student Information Management System was exposed after access credentials were “unintentionally exposed online”. • Thu, 11 Jun 2026 … [...]
Threat actor 2019 claimed to have breached the data of more than 25,000 patients via a third-party platform – and it’s already been sold on a hacking … [...]
Pauline Hanson’s popularity is surging, and so was the malicious traffic targeting One Nation’s donation page today. • Fri, 12 Jun 2026 • … [...]
Australian investigators have helped disrupt an alleged international money laundering operation accused of processing criminal proceeds, including … [...]
Australia rejected an EU-style approach to regulating AI and tasked each government agency with managing its own use of the technology. The ABC can now reveal dozens of federal agencies [...]
Oracle has issued an urgent security advisory addressing a critical vulnerability in its widely used PeopleSoft platform, amid growing concerns that … [...]
Dozens of government bodies have failed the first test of policing their own use of AI, after Australia backed away from stricter European-style AI … [...]
Claim Status: Confirmed = Acknowledged by organisation/public statement/regulator | Published = Published in mainstream or reputable media | Claim = Leak-site claim only, unverified | Withdrawn = The claim has been withdrawn | Denied = The victim has formally denied the claim | Unknown = No corroborating evidence has been found
Published 09-Jun-26 AU VIC
Exclusive: Aussie farming group launches investigation following Qilin cyber attack claims
Late last month, Tripod Farmers was listed online by the Qilin ransomware group. According to threat feeds observed by Cyber Daily, the incident occurred around 17 February 2026, suggesting that the threat actor has had access for an extended period.
Published 09-Jun-26 AU NSW
Exclusive: 2019 claims cyber incident on Aussie ASX and financial market research firm
Over the weekend (6 June), threat actor 2019 listed Kalkine Media on an infamous cyber crime forum, claiming to have stolen the personal data of over 2,900 customers
Published 09-Jun-26 AU NSW
Exclusive: Hacker claims breach of Aussie travel agency, FirstClass, 53k customers potentially impacted
2019, a prominent member of a popular underground hacking forum, said in a June 3 post they had gained access to the data of more than 53,300 customers of luxury travel website, FirstClass.com.au.
Denied 08-Jun-26 AU QLD
[Unconfirmed] The initial reports indicate that Qilin ransomware operators publicly listed The Banyans Health and Wellness as a compromised entity
A World-Renowned Discreet, Private Rehab in Brisbane’s Hinterland, The Banyans Health and Wellness, has turned up on Qilin's listings. Update: Target, as stated, was not the victim.
Claim 08-Jun-26 AU VIC
[Unconfirmed] Ransomware group has claimed to have breached Victorian education tutoring company Kinetic Education
Qilin ransomware operation reportedly targeted Kinetic Education in Australia, encrypting files and disrupting access to critical systems. Technical details remain limited
Denied 05-Jun-26 AU
Exclusive: Centrelink denies hacker claims of cyber attack
A threat actor with a reputation for targeting Australian entities has claimed a cyber attack on government service Centrelink, a claim Centrelink says is false.
Confirmed 04-Jun-26 AU NSW
Australia luxury lifestyle brand Camilla confirms cyber incident
Australian luxury and lifestyle fashion brand Camilla has confirmed a cyber incident, leading to company data theft by a threat actor.
Confirmed 04-Jun-26 AU NSW
Exclusive: MMJ Real Estate allegedly hacked, 17.3k customer records potentially compromised
The personal data of more than 17,300 clients of Australian estate agent MMJ Real Estate has potentially been exposed in a data breach.
Confirmed 03-Jun-26 AU VIC
Exclusive: Hacker claims breach of the Australian Centre for the Moving Image, PII allegedly compromised
A hacker going by the name of 2019 has published what they claim is the personal data of more than 25,000 customers of the Australian Centre for the Moving Image (ACMI) to a hacking forum.
Published 02-Jun-26 AU NSW
Exclusive: Aussie workplace catering firm Hampr suffers alleged 360k record data breach
The Hampr records come in two parts. The first contains customer IDs, names, mobile phone numbers, and account details, while the second part contains dietary information, payment details, billing information, and workspace details.
Confirmed 01-Jun-26 AU VIC
Hacked! Melbourne International Film Festival responding to cyber incidents
The Melbourne International Film Festival has said it is responding to a pair of cyber incidents that have affected its 340 000 customers' data.
Confirmed 01-Jun-26 AU NSW
Exclusive: VSP Solutions responding to Stormous ransomware attack
Aussie video security firm VSP Solutions says it has contained the incident after hackers claimed to have stolen and published 40 gigabytes of company data.
If you believe any information in this post is inaccurate or incomplete, please contact us so we can review the matter. Parties with additional relevant information relating to the incident are also invited to get in touch.
Australian Medical Ransomware Attack, 06 Jun 2025: Victorian based Ascot Vale Health Group targeted by Global ransomware group. Global ransomware group has so far not listed how much data it has allegedly stolen or what kind of data may have been compromised.
Australian Racing Industry Ransomware Attack, 05 Jun 2025: Victorian based RISE Racing confirms Sarcoma ransomware attack. Reports indicate that 1.6GB of sensitive data was stolen, including: Banking details, financial records, participant personal information and operational data related to the racing industry.
Australian Accounting Firm Ransomware Attack, 16 May 2025: Victorian MKA Accountants confirms Qilin ransomware attack. Qilin published 12 documents as part of its leak post, including internal correspondence, financial statements, and insurance information
Australian Cyber Incident – Court Data Breach, 26 March 2025: NSW court website involved in major data breach, 9,000 documents downloaded. Man charged in connection with court document data breach.
Incident – Law Firm Ransomware Attack, 13 March 2025: Prominent Sydney law firm Brydens Lawyers reveals a serious cyber incident in the wake of a February intrusion into its network. More than 600 gigabytes of data – including case, client, and staff data – was stolen in the incident.
NZ Incident – Ransomware Attack, 28 February 2025: DragonForce Ransomware Targets Kiwi Car Dealership Tristram European. The attackers claim to have stolen over 30 gigabytes of sensitive data, including customer information and financial records.
Updated Incident – Medical Data Breach, 19 February 2025: Australian IVF provider Genea in cyber incident. Genea patients frustrated by lack of communication amid data breach.
Incident – University Ransomware Attack, 16 February 2025: Australian National University investigating alleged cyber attack by FSociety ransomware group. No ransom amount was given; however, society is threatening to publish the data within seven days.
NZ Incident – Medical Ransomware Attack, 13 February 2025: KillSec claims ransomware attack on New Zealand based Obex Medical. While the exact details of the breach remain unclear, this latest incident highlights the persistent threat of ransomware groups, particularly those focused on industries like healthcare.
Updated AU Incident – Education Cyber Attack, 04 February 2025: The University of Notre Dame Australia in Western Australia confirms cyber incident. Claims are that 62.3 Gb of data was exfiltrated. Containing employee and student contact data, medical documents, confidential agreements and licenses. Problems with enrolling and accessing class timetables, weeks after a cyber attack
Quotes and Memes: "Complexity creates confusion, simplicity focus." - Edward de Bono
