Australian Cyber Aware – As It Was 2606 – June 2026
This monthly review provides a curated summary of Australian and New Zealand cyber, privacy, and information security developments identified during May 2026. It includes a cross-section of incidents, regulatory updates, audit findings, and broader industry news relevant to business and government audiences.
The content is independently sourced from publicly available reports and government publications to support internal awareness and risk-informed decision-making. This report is free to use within organisations for awareness and education purposes; however, the “collection” remains the intellectual property of Australian Cyber Aware and must not be reproduced, redistributed, or republished without permission.
This post may be updated as more news or reports are discovered. The latest version can be accessed via the Australian Cyber Aware website.

Commentary June 2026:
I hope you all have a good run-down to EOFY and spend those budgets before the reset. In June, I finally managed to get the government audit tracking back in place, so the accumulated list now appears at the Australian Cyber Aware Audit Report Listing. I find audit reports a valuable source for understanding which types of controls audit teams are finding weaknesses in and the risk assigned to those weaknesses.Pick of the Month “Insider Threat”: It was hard to miss the news of the EY incidents involving unauthorised access to Albo’s bank account, not a great month for the Big 4 in the press. So many internal controls will need to be reviewed, not the brightest two individuals in the world. To drive the risk home, two more reports that might have slipped under your radar: Six men charged over alleged insider fraud plot against construction giant Shadforth (seriously scary), and Former Coffs Harbour strata manager Jessica Marrie Carah charged with fraud. Maybe it’s time to rerun your threat/risk assessments and control reviews on Insider Threats.
Incidents: There was an uptick in reported incidents across all sectors, but no reports in the major category (unless you’re the business impacted and the response teams are picking up the pieces). Other than the Albo’s Bank account incident, in my home state, Mackay Sugar took a several-day production outage due to ransomware, and One Nation had a DDoS attack that saw accusations being flung around and then quietly retracted.
Judgements and Findings: HBSC hit the news showing the impact of not paying attention to the impact of scams on your customers HSBC agrees to pay $35 million penalty after widespread scam failures, and there are a number of planned government regulatory changes on scam prevention to keep an eye on, just some, New anti-scam text laws introduced after massive losses.
Government Audits: Being the end of the financial year, government audit reports came due, making for some valuable reading. If you are an auditor, most government audit agencies release their audit plans for the next financial year, which often contain useful material for your plan. Several reports into the education sector have been released by NSW Education, Qld Education, NSW Universities, and Victorian Higher Education. It was good to see that the SA Government conducted a review of Legacy ICT systems; more governments should make this a standard audit plan item.
Standards and Regulation: ADS announces the planned retirement of the Essential Eight, and consultation has started on its replacement. Consultants everywhere are rubbing their hands with glee when the transition standards are released.
Next month, I am restarting individual Incident Posts with improved metadata to allow more insight into the types of threats and impact to your business or clients. Having individual posts allows me to show the history of individual incidents; most incidents have an ongoing story, which I can update on the post. Gradually, I will be adding the back catalogue of individual incidents from this year, to help produce a mid-year audit and incident update looking at trends and impacts. Also, if I get the time, I’ll add the list of regulatory findings and decisions.Please feel free to comment and provide suggestions.
Publicly Reported Incidents for June 2026

Claim Status: Confirmed = Acknowledged by organisation/public statement/regulator | Published = Published in mainstream or reputable media | Claim = Leak-site claim only, unverified | Withdrawn = The claim has been withdrawn | Denied = The victim has formally denied the claim | Unknown = No corroborating evidence has been found
NOTE: Claimed, withdrawn, denied, and unknown listings may be extortion events with no factual basis to believe that an actual incident occurred.
Confirmed 30-Jun-26 AU NSW
Ernst and Young staff sacked after Anthony Albanese’s private banking information allegedly breached
Two Ernst and Young employees have been sacked after Prime Minister Anthony Albanese’s personal banking information was allegedly breached while the pair worked for the accounting firm at the Commonwealth Bank.
25-Jun-26 AU NSW
Exclusive: NSW Rural Fire Service warns members of ‘cyber security incident’
The commissioner of the NSW Rural Fire Service (RFS) has warned members of the RFS that it has become “aware of a cyber security incident involving our ICT systems”. The incident had not impacted the RFS’s operational response capability, but said that some data may have been compromised.
Confirmed 24-Jun-26 AU QLD
Six men charged over alleged insider fraud plot against construction giant Shadforth
Queensland police launched an investigation in May last year after Shadforth received an anonymous letter alleging Mr Martin and Mr Larson were colluding to access sensitive information about Shadforth’s live tender submissions.
Published 23-Jun-26 AU ACT
Exclusive: National Portrait Gallery of Australia investigating data breach claims
Threat actor 2019 posts alleged National Portrait Gallery customer and client data to undergound hacking forum; names, emails, and location data potentially compromised.
Published 22-Jun-26 AU VIC
Exclusive: Victorian RV dealer suffers alleged cyber attack
Southern Design RV, a Ballarat, Victoria-based dealer specializing in new and used Australian-made caravans, has been listed as a victim by the emerging cybercrime group CMD Organization. The threat actor claims to have exfiltrated sensitive customer data, including names, addresses, emails, phone numbers, and purchase details, which it has posted as a sample on its leak site.
Confirmed 19-Jun-26 AU QLD
ALS Restores Operations After Cyberattack as Data Exposure Review Intensifies
ACTOR-DRIVEN disruption at ALS Limited, an Australian laboratory testing and inspection company, is exposing the operational and data security risks facing critical service providers after the firm restored most of its systems following a cyber incident while continuing to assess potential data impacts.
Published 19-Jun-26 AU VIC
Exclusive: 2019 claims alleged cyber incident on Melbourne weight-loss clinic
Notorious threat actor 2019 listed the clinic on an infamous hacking forum, claiming to have stolen data from over 28,000 patients across over 300,000 records at Elina Medical Weight Loss Clinic in Melbourne.
Published 18-Jun-26 AU, NZ
Exclusive: Harcourts allegedly hacked by SafePay ransomware
Major Australia-based real estate firm Harcourts has allegedly suffered a cyber incident after threat actors listed the company on their dark web leak site.
Published 18-Jun-26 AU VIC
Exclusive: Qilin ransomware claims hack of Aussie K-12 tutoring provider
The Qilin ransomware-as-a-service operation has listed a Victoria-headquartered online tutoring company, Kinetic Education, as a victim on its darknet leak site.
Denied 17-Jun-26 AU NSW
NSW government disputes alleged data breach
The New South Wales Government has shut down claims that it was hit by a data breach after a ransomware group leaked an alleged sample of 200GB in stolen data to the dark web.
Confirmed 16-Jun-26 AU
Exclusive: Hacker uses Productivity Commission breach to bully journos
The Australian Productivity Commission has confirmed an incident in which emails were sent out from its noreply email address that appeared to have been sent by a threat actor.
Confirmed 12-Jun-26 AU ACT
Exclusive: Ochre Health confirms patient data from its Tuggeranong clinic potentially compromised
The medical records, including Medicare numbers and DVA numbers, of potentially more than 25,000 patients of ACT-based Ochre Medical Centre Tuggeranong have been sold by a 2019 ransomware group online after a prolific hacker breached an unnamed third-party provider.
Confirmed 12-Jun-26 AU
Exclusive: One Nation blames “fearful Labor goons” for DDoS site crash
A spokesperson for Pauline Hanson’s One Nation has taken to Facebook to explain why the party’s donation website was down today. “Deliberate DDoS attack”.
Denied 12-Jun-26 AU
Exclusive: Australian Medical Council denies ransomware attack in wake of false claim
The Australian Medical Council (AMC) has said it was not the victim of a ransomware attack after it was listed as a victim on the darknet site of the ThreeAM hacking group.
Confirmed 11-Jun-26 AU SA
Parents warned after ‘cyber security breach’ at South Australia’s Reynella East College
A cyber security incident has taken the IT systems of a South Australian school, Reynella East College, offline for at least several days, a letter from the state’s Department of Education has warned.
Confirmed 11-Jun-26 AU WA
Student data compromised in second University of Western Australia data breach in 6 months
The University of Western Australia has disclosed it has been the victim of a data breach after access credentials for its Callista database were accidentally shared online.
Confirmed 10-Jun-26 AU QLD
Cyber attack shuts down two Mackay Sugar mills
Advocacy group Canegrowers confirmed on Wednesday the incident had shut down Mackay Sugar‘s milling and cane haulage across the Farleigh and Racecourse mills just outside Mackay, both of which had started crushing within the past week.
Published 10-Jun-26 AU NSW
Exclusive: 2019 claims breach of Australian lingerie retailer
In a post on a notorious hacking forum made earlier this month, threat actor 2019 claimed to have breached DeBra’s, saying that they exfiltrated 196,800 customer records and 1.2 million order records.
Published 10-Jun-26 AU QLD
Exclusive: Qilin targets Qld healthcare provider, but gets a bit confused
Qilin listed The Banyans Healthcare, an entity it called The Banyans Health and Wellness, on 8 June, and while the hackers shared few details (no evidence, no ransom demand, nor any idea of the volume of data allegedly compromised). The actual breach appears to be at Banyans Medical Centre and Specialist Clinics, which is investigating the incident.
Published 09-Jun-26 AU NSW
Exclusive: Napoleon Perdis allegedly breached following threat actor claims
Australian luxury make-up and cosmetics brand Napoleon Perdis has allegedly suffered a cyber incident after a threat actor claimed responsibility for breaching the company.
Published 09-Jun-26 AU VIC
Exclusive: Aussie farming group launches investigation following Qilin cyber attack claims
Late last month, Tripod Farmers was listed online by the Qilin ransomware group. According to threat feeds observed by Cyber Daily, the incident occurred around 17 February 2026, suggesting that the threat actor has had access for an extended period.
Published 09-Jun-26 AU NSW
Exclusive: 2019 claims cyber incident on Aussie ASX and financial market research firm
Over the weekend (6 June), threat actor 2019 listed Kalkine Media on an infamous cyber crime forum, claiming to have stolen the personal data of over 2,900 customers.
Published 09-Jun-26 AU NSW
Exclusive: Hacker claims breach of Aussie travel agency, FirstClass, 53k customers potentially impacted
2019, a prominent member of a popular underground hacking forum, said in a June 3 post they had gained access to the data of more than 53,300 customers of luxury travel website, FirstClass.com.au.
Denied 05-Jun-26 AU
Exclusive: Centrelink denies hacker claims of cyber attack
A threat actor with a reputation for targeting Australian entities has claimed a cyber attack on government service Centrelink, a claim Centrelink says is false.
Confirmed 04-Jun-26 AU NSW
Australia luxury lifestyle brand Camilla confirms cyber incident
Australian luxury and lifestyle fashion brand Camilla has confirmed a cyber incident, leading to company data theft by a threat actor.
Confirmed 04-Jun-26 AU NSW
Exclusive: MMJ Real Estate allegedly hacked, 17.3k customer records potentially compromised
The personal data of more than 17,300 clients of Australian estate agent MMJ Real Estate has potentially been exposed in a data breach.
Confirmed 03-Jun-26 AU VIC
Exclusive: Hacker claims breach of the Australian Centre for the Moving Image, PII allegedly compromised
A hacker going by the name of 2019 has published what they claim is the personal data of more than 25,000 customers of the Australian Centre for the Moving Image (ACMI) to a hacking forum.
Published 02-Jun-26 AU NSW
Exclusive: Aussie workplace catering firm Hampr suffers alleged 360k record data breach
The Hampr records come in two parts. The first contains customer IDs, names, mobile phone numbers, and account details, while the second part contains dietary information, payment details, billing information, and workspace details.
Confirmed 01-Jun-26 AU VIC
Hacked! Melbourne International Film Festival responding to cyber incidents
The Melbourne International Film Festival has said it is responding to a pair of cyber incidents that have affected its 340 000 customers’ data.
Confirmed 01-Jun-26 AU NSW
Exclusive: VSP Solutions responding to Stormous ransomware attack
Aussie video security firm VSP Solutions says it has contained the incident after hackers claimed to have stolen and published 40 gigabytes of company data.
Government Audit Reports Australia June 2026

29-Jun-26 AU FED
ANAO IP Australia
Artificial Intelligence Use in IP Australia
“Artificial intelligence (AI) is increasingly becoming a part of the Australian Public Service. AI offers the promise of better services, enhanced productivity and efficiency — but has the potential for increased risk and unintended consequences.
The ANAO made two recommendations to IP Australia aimed at improving management of cyber security risks and improving strategic oversight of AI implementation. ”
29-Jun-26 AU NSW
AONSW, Education
Security and privacy of student information
This audit assessed how effectively the NSW Department of Education (the department) and NSW public schools (schools) protect the security and privacy of student information. The audit made recommendations for the department to review the allocation of responsibilities to principals, improve the guidance and supports for schools, and strengthen the controls for managing the access to and use of student information.
24-Jun-26 AU FED
ANAO Department of the Treasury’s
Department of the Treasury’s Readiness to Implement the Scams Prevention Framework
Treasury has largely appropriate implementation and monitoring arrangements to support its readiness to implement the SPF, up to the point where the SPF becomes operational. To position Treasury to provide impactful, informed and influential advice about the SPF in operation, it will need to develop monitoring, reporting and evaluation arrangements.
18-Jun-26 AU QLD
QAO, Education
Education 2025
Weaknesses in the security of information systems at universities continue to account for most of the deficiencies we identified. Despite this, we have been able to rely on the systems and processes they used to prepare financial statements. This year, we identified 25 deficiencies – including one significant deficiency – relating to weaknesses in information systems controls at universities. Of the 48 deficiencies we identified last year, 14 remain unresolved as at 31 December 2025
16-Jun-26 AU SA
AOSA Government
Review of legacy ICT systems
We found weaknesses in how some agencies manage legacy system risks, including incomplete asset inventories, limited formal risk assessments, gaps in risk register documents and inconsistent reporting to governance bodies. These gaps reduce visibility of risks and can delay action to remediate or replace systems.
11-Jun-26 AU FED
ANAO, Department of Parliamentary Services, Government
Management of Cyber Security in the Department of Parliamentary Services
The ANAO audit assessed whether the Department of Parliamentary Services (DPS) had an effective baseline of cyber security controls, focusing on its assessment of cyber risks, implementation of the Essential Eight mitigation strategies, and assurance over control effectiveness in alignment with the Protective Security Policy Framework (PSPF) and Information Security Manual (ISM). It found that while governance structures existed, the overall cyber security posture was only partly effective due to gaps in risk assessment, incomplete implementation of controls, reliance on compensating measures, and weaknesses in asset inventories, policy frameworks, and assurance processes.
11-Jun-26 AU NSW
AONSW Education
Universities 2025
“Control deficiencies were most common in IT/cyber security, governance and payroll
There were 94 reported audit findings and most related to poor monitoring of IT/cyber security risks, inadequate governance oversight and deficiencies in payroll management. One university has no processes to manage IT legacy systems, and 6 universities have not formally assessed legacy system risks.
Three universities still do not have a formalised AI policy. Only 2 universities had procurement guidance in place for AI-related procurement.”
04-Jun-26 AU VIC
VAGO, Higher Education
Results of 2025 Audits: TAFEs and Universities
Weaknesses in IT controls continue to require attention in both sectors. Issues with their management and monitoring of system access increase the risk that errors or fraud occur and go undetected.
Cyber News of Australia May 2026

Tue, 30 Jun 2026
In wake of KPMG scandal, government considers splitting accounting firms’ auditing and consulting arms
Accounting firms could be asked to split their lucrative consulting services from their audit functions and individual firm partners could face far …
Tue, 30 Jun 2026
Auditor-General’s report reveals dangerous gaps in third-party security in NSW public schools
The NSW Department of Education only began considering essential student data management platforms as “crown jewels” this year, the report finds. • …
Tue, 30 Jun 2026
EY staff allegedly access Anthony Albanese’s private banking details | ABC NEWS
Two men have been sacked from Sydney accounting firm Ernst and Young after they allegedly accessed the prime minister’s personal banking information. The men, aged 21 and 25, are due to face court, charged with accessing restricted data without authorisation. Subscribe: http://ab.co/1svxLVE Read more here: https://www.abc.net.au/news/2026-06-30/ey-staff-allegedly-access-anthony-albanese-banking-information/106859426 Note: In most cases, our captions are auto-generated. #ABCNEWS #ABCNEWSAustralia #abcnewsnsw
Tue, 30 Jun 2026
Ernst and Young staff sacked after Anthony Albanese’s private banking information allegedly breached
Two Ernst and Young employees have been sacked after Prime Minister Anthony Albanese’s personal banking information was allegedly breached while the …
Mon, 29 Jun 2026
Cyber resilience a key plank of new Nakamal Agreement between Vanuatu and Australia
Australia signs a treaty with a Pacific nation to deepen integration and strengthen the collective security of the region. • Mon, 29 Jun 2026 • …
Mon, 29 Jun 2026
Gov to give eSafety Commissioner stronger powers
The federal government will strengthen the information-gathering powers of its internet regulator, the eSafety Commissioner, allowing it to compel …
Mon, 29 Jun 2026
Unfolding in real time: Artificial intelligence is reshaping cybersecurity
The cybersecurity capability of next-generation frontier artificial intelligence (AI) models is increasing rapidly. Large language models (LLM) …
Sun, 28 Jun 2026

VIDEO: AI Could Overwhelm Cybersecurity Within Months | 10 News+
Artificial intelligence is changing cybersecurity faster than governments and businesses can adapt. In a rare joint statement, the Five Eyes alliance warned that advanced AI models are accelerating cyber threats and could transform both offensive and defensive cyber capabilities within months, not years.
Sun, 28 Jun 2026

VIDEO: New anti-scam text laws introduced after massive losses | 7NEWS
There’s hope scam text messages could soon be a pest of the past with new anti-scam laws being introduced next week, but some say they don’t go far enough to tackle the growing threat of AI
Australia’s Enhanced CIRMP Rules: what critical in… | Clayton Utz
To further strengthen the security and resilience of critical infrastructure, the Australian Government introduced the Security of Critical …
Sat, 27 Jun 2026
Former Coffs Harbour strata manager Jessica Marrie Carah charged with fraud
A former employee of a strata business on the NSW Mid North Coast has been refused bail on more than 400 fraud offences. According to NSW Police, …
Sat, 27 Jun 2026
ACMA’s 2026–27 compliance priorities focus on protecting consumers
The Australian Communications and Media Authority (ACMA) has set out its compliance and enforcement priorities for 2026–27, signalling a focus on …
Sat, 27 Jun 2026
ASD to retire Essential Eight within two years, consults on replacement
The Australian Signals Directorate and the Australian Cyber Security Centre say the Essential Eight cyber security framework will be retired within …
Fri, 26 Jun 2026
Generation Life confirms customers impacted in April cyber incident
Aussie investment firm Generation Life has confirmed that customer data was impacted in a cyber attack it suffered back in April. • Fri, 26 Jun 2026 • …
Fri, 26 Jun 2026
AI in the boardroom: judgment, information systems and the modern duty of care
Key insight Artificial intelligence does not change directors’ duties – but it is reshaping how those duties will be assessed. Courts are focusing …
Fri, 26 Jun 2026
Exclusive: NSW Rural Fire Service warns members of ‘cyber security incident’
NSW RFS commissioner says there is “no impact to our operational response capability”, but historical data likely compromised. • Thu, 25 Jun 2026 • …
Fri, 26 Jun 2026
Exclusive: Pauline Hanson’s One Nation party quietly deletes Labor hacking claims
The right-wing party said “Labor goons” were responsible for a cyber attack on its donation website, but it has failed to answer media questions …
Fri, 26 Jun 2026
APRA instructs major lenders to share cyber insights
The Australian Prudential Regulation Authority (APRA) has instructed major banks and lenders to help protect the cyber and financial ecosystem by …
Fri, 26 Jun 2026
ASIO boss warns of active cyber threat to Aussie critical infrastructure
ASIO Director-General Mike Burgess’s Annual Threat Assessment outlines chilling nation-state efforts to “cripple” vital national infrastructure. • …
Fri, 26 Jun 2026
Generation Life confirms customers impacted in April cyber incident
Aussie investment firm Generation Life has confirmed that customer data was impacted in a cyber attack it suffered back in April. • Fri, 26 Jun 2026 • …
Thu, 25 Jun 2026
Exclusive: Hacker behind Reynella East College hack dumps hundreds of gigabytes of alleged teacher, student data on dark web
Staff and student passport scans have been posted to the dark web, with hackers boasting compromise of “contracts, financial reports, personal data, …
Thu, 25 Jun 2026
OAIC sweep unearths health sites’ covert user tracking
Several Australian health service websites have been covertly tracking visitors and transmitting sensitive health information to social media …
Wed, 24 Jun 2026
Exclusive: Data belonging to Aussie testing firm ALS Global makes its way to the dark web following May incident disclosure
The Aur0ra ransomware group has published employee data, passwords, banking details, and testing records from an Australian company with a massive …
Wed, 24 Jun 2026
ASD to retire Essential Eight cyber security framework within next two years
The Australian Signals Directorate intends to retire its Essential Eight guidance framework within two years, to keep up with shifting cyber security …
Wed, 24 Jun 2026
Privacy commissioner rules Medmate and Monash IVF breached privacy law through tracking pixels
Landmark determinations against a pair of medical websites find that health providers must obtain consent before collecting sensitive information for …
Wed, 24 Jun 2026
NSW gov puts $209m more into P25 network
The NSW government will spend an extra $209 million over the next decade on the P25 radio network that supports emergency services’ communications. In …
Wed, 24 Jun 2026
Qld gov backs technology projects with at least $340m
The Queensland government will release at least $256 million from a ‘digital fund’ for technology projects as part of its latest state budget. The …
Tue, 23 Jun 2026
Six men charged over alleged insider fraud plot against construction giant Shadforth
A Queensland police investigation has uncovered an alleged industrial espionage operation that potentially contributed to a major construction …
Tue, 23 Jun 2026
Civil liberties organisation rails against deployment of facial recognition tech by WA Police
The Western Australia Police Force will roll out live facial recognition in public spaces on 1 July, and Electronic Frontiers Australia calls the …
Tue, 23 Jun 2026
Exclusive: National Portrait Gallery of Australia investigating data breach claims
Threat actor 2019 posts alleged National Portrait Gallery customer and client data to undergound hacking forum; names, emails, and location data …
Tue, 23 Jun 2026
Australia joins US-led Exercise Valiant Shield 26 to test cyber and other domain capabilities
Australian Defence Force (ADF) personnel are getting ready to deploy to the Pacific to test defensive cooperation. Bethany Alvaro • Tue, 23 Jun 2026 • …
Tue, 23 Jun 2026
“Must act now” to counter AI-borne cyber attacks, ‘Five Eyes’ says
Cyber security agencies in Australia, Canada, New Zealand, Britain and the United States are stepping up their awareness campaign around artificial …
Tue, 23 Jun 2026
At a glance: data protection and management of health data in Australia
A Q&A guide to data protection and management for digital health in Australia, covering anonymised health data, enforcement, cybersecurity and …
Tue, 23 Jun 2026
The misuse of information obtained through an ex-employee’s position: a broader cause of action for businesses – Mallesons Pulse Blog
AI Summary ▼ The Full Court of the Federal Court has held that s 183(1) of the Corporations Act 2001 (Cth) provides a standalone cause of action …
Tue, 23 Jun 2026
Regulatory enforcement spotlight 2026: key trends so far and what to expect next
It has been another significant 12 months across the Australian regulatory landscape, defined by notable penalties obtained against companies that …
Tue, 23 Jun 2026

VIDEO: Australians sharing misinformation without checking facts | 7NEWS
New research by TikTok reveals one in five Australians believe online content before checking if it’s true, while nearly 40 per cent share information without verifying it first. Cyber safety expert Susan McLean discusses the consequences of spreading misinformation, from physical and mental harm to the challenges posed by AI-generated content that appears increasingly realistic. The importance of pausing to verify information before sharing and improving digital literacy across all age groups is emphasised as essential in combating the spread of false information online.
Tue, 23 Jun 2026

VIDEO: Inside WA police’s online child predator unit | 7NEWS
The WA Police Child Exploitation Squad operates an undercover unit where detectives pose as children in online chat rooms to identify and apprehend predators targeting minors.
Sat, 20 Jun 2026
ALS Restores Operations After Cyberattack as Data Exposure Review Intensifies – Australia Times
ACTOR-DRIVEN disruption at ALS Limited, an Australian laboratory testing and inspection company, is exposing the operational and data security risks …
Fri, 19 Jun 2026
Exclusive: 2019 claims alleged cyber incident on Melbourne weight-loss clinic
An infamous threat actor has claimed a cyber attack on an Australian weight-loss clinic, claiming to have stolen the data of tens of thousands of …
Fri, 19 Jun 2026
Exclusive: Harcourts investigates cyber attack claims, no evidence of impact so far
Major Australasian real estate firm Harcourts has said it is aware of claims of cyber attack following the listing made by the SafePay ransomware …
Thu, 18 Jun 2026

VIDEO: Plan to tackle the multi-billion-dollar problem of scams | 7.30
The federal government has a huge task on its hands, protecting Australians from ever more sophisticated scams. It’s working on a largescale plan to combat the insidious crimes in all its forms, but critics warn delays are giving scammers time to adapt. 7.30’s Tom Hartley reports.
Thu, 18 Jun 2026
Telco given warning after consumers lose millions in HSBC text scam
A global telco that failed to stop more than 1,000 scam text messages from reaching Australians has faced no consequences, the ABC can reveal. HSBC …
Thu, 18 Jun 2026
HSBC agrees to pay $35 million penalty after widespread scam failures
In a stunning turnaround, HSBC has admitted to failing to protect customers from scams and agreed to a $35 million penalty in the Federal Court today. …
Thu, 18 Jun 2026
Privacy commissioner gags complainant over American Express data security findings
Australia’s privacy commissioner has threatened a complainant with legal action to prevent the full disclosure of the findings of a long-running …
Thu, 18 Jun 2026
Exclusive: Harcourts allegedly hacked by SafePay ransomware
Major Australia-based real estate firm Harcourts has allegedly suffered a cyber incident after threat actors listed the company on their dark web …
Thu, 18 Jun 2026
ANZ says combating scams and fraud is its third-highest priority
Australian big four bank ANZ has outlined its priorities for its initiative of “securing Australia’s future”, with cyber security and combating scams …
Thu, 18 Jun 2026
ASD draws a hard line on developers lacking security skills
Organisations should not hand software projects to developers who don’t have the security skills to handle them safely: that’s the blunt official …
Thu, 18 Jun 2026
The US government can shut off access to AI at will. What does this mean for Australia?
Last Friday, US-based artificial intelligence (AI) company Anthropic received an “export control” directive from its government. The company was told …
Thu, 18 Jun 2026
Exclusive: Qilin ransomware claims hack of Aussie K-12 tutoring provider
A prolific cyber extortionist group lists Kinetic Education as a data breach victim on the darknet. • Thu, 18 Jun 2026 • Security *]:clear-none …
Wed, 17 Jun 2026
Phone giant ‘urgently investigating’ reported outages
Vodafone says it is “urgently investigating” after a number of customers found themselves locked out of the network this morning. Some Vodafone …
Wed, 17 Jun 2026
Cyber attack shuts down two Mackay Sugar mills
A cyber security “incident” has brought the Mackay region’s sugar crush to a halt. In a statement to growers and harvesting contractors, mill operator …
Wed, 17 Jun 2026
Mackay Sugar mills shut by cyber attack hope to reopen next week
A north Queensland sugar miller crippled by a cybersecurity attack says it hopes to resume production next week. Mackay Sugar shut down two of its …
Wed, 17 Jun 2026
Exclusive: NSW government pours cold water on ransomware claims
Nova ransomware actor claims hack of a state government, but the only evidence provided is “publicly available and historical”, the executive …
Wed, 17 Jun 2026
Amex ordered to implement access controls after insider privacy breaches
Australian privacy commissioner Carly Kind has ordered card issuer American Express (Amex) to implement uniform account-level access and action …
Thu, 11 Jun 2026
Tony Burke announces ‘new program of work’ under Horizon 2 of the Australian Cyber Security Strategy
Australia’s Minister for Home Affairs and Cyber Security has revealed an $89.3 million investment over four years to combat growing cyber threats. • …
Tue, 16 Jun 2026
Australia’s Department of Parliamentary Services has only ‘partly effective’ cyber security stature, audit finds
DPS says it will “address critical cyber, information security and operational resilience risks” in the wake of ANAO review. • Mon, 15 Jun 2026 • …
Tue, 16 Jun 2026 08:03:17 GMT
Exclusive: Keylend warns of phishing incident following single account breach
Australian mortgage broker Keylend has disclosed a data breach incident in which unauthorised access led to phishing emails being sent to third …
Tue, 16 Jun 2026
ADF’s Cyber Command to take part in Exercise Austral Shield
Defence aims to demonstrate its capacity for all arms to cooperate with state and federal agencies in a July exercise. • Tue, 16 Jun 2026 • …
Tue, 16 Jun 2026
Exclusive: Australian Medical Council denies ransomware attack in wake of false claim
The ThreeAM ransomware operation claims it hacked the healthcare standards body – but it only has data belonging to a Victorian medical centre. • Tue, …
Tue, 16 Jun 2026
Exclusive: Mackay Sugar cyber attack claimed by The Gentlemen ransomware
The cyber attack on major Australian sugar manufacturer Mackay Sugar has now been claimed by an infamous ransomware gang, which has set a timer for …
Tue, 16 Jun 2026
Exclusive: Hacker uses Productivity Commission breach to bully journos
The Australian Productivity Commission has confirmed an incident which saw emails sent out from its noreply email that appeared to have been sent by …
Tue, 16 Jun 2026
AI governance: existing obligations, regulatory expectations and increased scrutiny
Australian regulators have substantially increased their rhetoric on how regulated entities and their boards are expected to govern AI-related risk. …
Sun, 14 Jun 2026
Australians lose access to ‘dangerous’ Anthropic AI models after Trump order
Artificial intelligence company Anthropic has taken its most advanced AI models offline after it was ordered by the US government to suspend access …
Sun, 14 Jun 2026

VIDEO: How to beat cyber criminals and protect your passwords | 7NEWS
Australians are being warned to rethink what they share online, with scammers now using AI to crack passwords and steal personal information faster than ever before.
Sat, 13 Jun 2026
Gov looks for upstream threat blocking by telcos, cloud operators
The government wants to give telcos and cloud providers the power “to enable upstream blocking of cyber threats” as a key action under the second …
Wed, 10 Jun 2026
Exclusive: Napoleon Perdis allegedly breached following threat actor claims
Australian luxury make-up and cosmetics brand Napoleon Perdis has allegedly suffered a cyber incident after a threat actor claimed responsibility for …
Thu, 11 Jun 2026
Exclusive: 2019 claims breach of Australian lingerie retailer
An Australian online and in-store women’s lingerie, swimwear and underwear retailer has allegedly been breached following claims made by a threat …
Thu, 11 Jun 2026 0
Parents warned after ‘cyber security breach’ at South Australia’s Reynella East College
Investigations into the incident are ongoing, but the school warns that IT systems are expected to be offline for some time. • Thu, 11 Jun 2026 • …
Thu, 11 Jun 2026
Services Australia privacy incident saw pensioner concession cards sent to the wrong recipients
Services Australia has disclosed a privacy incident it detected last month, which led to the halting of the printing of pensioner concession cards. • …
Thu, 11 Jun 2026
Student data compromised in second University of Western Australia data breach in 6 months
The university’s Student Information Management System was exposed after access credentials were “unintentionally exposed online”. • Thu, 11 Jun 2026 …
Sat, 13 Jun 2026
Exclusive: Ochre Health confirms patient data from its Tuggeranong clinic potentially compromised
Threat actor 2019 claimed to have breached the data of more than 25,000 patients via a third-party platform – and it’s already been sold on a hacking …
Sat, 13 Jun 2026
Exclusive: One Nation blames “fearful Labor goons” for DDoS site crash
Pauline Hanson’s popularity is surging, and so was the malicious traffic targeting One Nation’s donation page today. • Fri, 12 Jun 2026 • …
Sat, 13 Jun 2026
Takedown! AFP helps dismantle alleged $542m cyber crime money laundering network
Australian investigators have helped disrupt an alleged international money laundering operation accused of processing criminal proceeds, including …
Fri, 12 Jun 2026

VIDEO: Government agencies fail to disclose AI use | ABC NEWS
Australia rejected an EU-style approach to regulating AI and tasked each government agency with managing its own use of the technology. The ABC can now reveal dozens of federal agencies missed mandatory deadlines to disclose how they use AI. Some agencies’ transparency statements are detailed; others are scant. Experts say this shows the challenges of the government’s chosen model.
Fri, 12 Jun 2026
AUSCERT Week in Review for 12th June 2026
Oracle has issued an urgent security advisory addressing a critical vulnerability in its widely used PeopleSoft platform, amid growing concerns that …
Fri, 12 Jun 2026
Government agencies told to police own AI use missed first transparency test
Dozens of government bodies have failed the first test of policing their own use of AI, after Australia backed away from stricter European-style AI …
Thu, 11 Jun 2026
Tony Burke announces ‘new program of work’ under Horizon 2 of the Australian Cyber Security Strategy
Australia’s Minister for Home Affairs and Cyber Security has revealed an $89.3 million investment over four years to combat growing cyber threats. • …
Thu, 11 Jun 2026
Australian government, Microsoft sign agreement strengthening cyber security
Microsoft and the Australian government have signed a fresh Memorandum of Understanding to strengthen cyber security in the face of emerging digital …
Thu, 11 Jun 2026
2 Mackay sugar mills shut down following cyber incident
A cyber incident has led to operations at two sugar mills in the Mackay region of North Queensland being halted. • Thu, 11 Jun 2026 • …
Thu, 11 Jun 202623:49:38 GMT
Marathon OAIC investigation finds Optus breached 51,000 customers’ privacy
Optus faces an unknown bill for compensation for a privacy breach that came to light in 2019, that led to the erroneous publication of 51,000 …
Thu, 11 Jun 2026

VIDEO:Starlink’s near-monopoly raises sovereignty fears over SpaceX | ABC NEWS
SpaceX’s Starlink service has around 200,000 subscribers, including government agencies and major telcos partner with SpaceX to expand satellite phone coverage. It’s prompted warnings over the reliance on a foreign-owned provider whose owner, Elon Musk, has a sometimes-volatile relationship with Australia.
Thu, 11 Jun 2026
Privacy Commissioner finds against Optus in White Pages breach
A determination issued by the Australian Privacy Commissioner Carly Kind found Optus interfered with the privacy of individuals whose personal …
Thu, 11 Jun 2026
Exclusive: Aussie educational publisher R.I.C Publications investigating breach after customer data published online
More than 110,000 customer records have been allegedly published on a popular hacking forum, with dozens seeking to access the data. • Thu, 11 Jun …
Thu, 11 Jun 2026
As Elon Musk’s SpaceX goes public, Australian government officials are flagging Starlink’s risks
As tens of thousands of Australians line up to buy shares in Elon Musk’s SpaceX blockbuster public offering, Australian government officials are …
Thu, 11 Jun 2026
New Zealand given access to Mythos AI
New Zealand has been given access to a frontier AI model that is deemed too dangerous for general release. Catriona Robinson, Deputy Director General …
Thu, 11 Jun 2026
Getting scammed via SMS will be harder from 1 July
From 1 July, when you get a text claiming to be from the Australian Taxation Office, Australia Post or any other organisation, the first thing to …
Thu, 11 Jun 2026
Exclusive: 2019 claims breach of Australian lingerie retailer
An Australian online and in-store women’s lingerie, swimwear and underwear retailer has allegedly been breached following claims made by a threat …
Wed, 10 Jun 2026
Exclusive: Qilin targets Qld healthcare provider, but gets a bit confused
Cases of mistaken identity can happen to anyone, but you’d think that at least hackers could work out who they’re hacking. • Wed, 10 Jun 2026 • …
Wed, 10 Jun 2026

VIDEO: ATO, Defence Dept, Services Australia among 13 agencies embroiled in transcript scandal | ABC NEWS
Thirteen government agencies are caught up in an expanding scandal involving potential data breaches, prompting calls for an urgent audit due to concerns over national security. Earlier in 2026, embattled transcription company VIQ Solutions breached its Commonwealth contract with the Federal Court by allowing highly sensitive court files to be accessed offshore in India. The Department of Defence, Services Australia, the ATO, the Office of the Special Investigator and the Attorney-General’s Department, are among the agencies who have used VIQ solutions since 2019. ABC technology reporter Cam Wilson explains the main focus now is figuring out who had access to potentially confidential and sensitive information.
Wed, 10 Jun 2026
AFCA to become Australia’s central scams complaints body under new prevention framework
The Australian Financial Complaints Authority will become the nation’s single external dispute resolution body for scam complaints, expanding its …
Wed, 10 Jun 2026 01:08:15 GMT
Exclusive: Napoleon Perdis allegedly breached following threat actor claims
Australian luxury make-up and cosmetics brand Napoleon Perdis has allegedly suffered a cyber incident after a threat actor claimed responsibility for …
Wed, 10 Jun 2026

VIDEO: Prepare for costly disruption as Mythos is introduced, says AI expert | The Business | ABC NEWS
Some of Australia’s biggest companies – along with national security agencies – are reportedly getting access to the frontier AI platform that’s been deemed by its creator to be too dangerous to release publicly. Anthropic’s Mythos will be rolled out to an extra 150 agencies and businesses around the world, including Australia, as part of Project Glasswing – a collaborative effort to defend the world’s cyber infrastructure. The Australian Strategic Policy Institute’s head of AI and security, David Wroe joined The Business to explain how Anthropic’s Mythos limited rollout is likely to take place, as well as the risks that are involved. “For a country like Australia, who’s a close US ally, our Australian Signals Directorate, for instance, as a government agency, will be among the first cabs off the rank in Australia to get access to it. For them to be able to apply their expertise will be really, really helpful. Equally for big Australian companies, telcos, banks. Large power providers, they all have their expertise and their particular needs as well. So there might be vulnerabilities that they have that a Microsoft or a CrowdStrike as a cybersecurity company internationally wouldn’t be able to fix for them. So direct access from Australia’s point of view is definitely a benefit.” But David Wroe says Australians might have to get used to being inconvenienced in order to avoid catastrophic sabotage incidences later on. “At the same time, as consumers, I think we need to accept that, for instance, a service provider might have to go offline for 12 hours or so while they patch their systems or while they install newer, better software. The costs might be passed on to us as well, so we have to expect perhaps some higher prices for some of these services.” He said.
Wed, 10 Jun 2026
National security concerns over use of transcription company VIQ Solutions by 13 government agencies
Thirteen government agencies are now embroiled in an expanding scandal involving potential data breaches, prompting calls for an urgent audit amid …
Wed, 10 Jun 2026
Unfair cop: AFP warns Aussies after scam script uncovered in Cambodian fraud compound
The Australian Federal Police has uncovered a sophisticated scam script used by criminals operating from a Cambodian scam compound. • Tue, 09 Jun 2026 …
Tue, 09 Jun 2026
Facial recognition technologies in retail: Clarifying the expectations
In February 2026, the Administrative Review Tribunal (ART) delivered a decision that reshapes the privacy landscape for facial recognition technology… …
Tue, 09 Jun 2026
Encrypted apps including Signal and Discord used by criminals to lure teens with intellectual disabilities into crime
Organised crime syndicates are using encrypted digital platforms to recruit vulnerable teenagers with intellectual disabilities, low IQ and no …
Tue, 09 Jun 2026
Exclusive: 2019 claims cyber incident on Aussie ASX and financial market research firm
A threat actor has claimed a cyber attack on an Australian finance and market research firm, allegedly having stolen personal customer data. • Tue, 09 …
Tue, 09 Jun 2026
Exclusive: Aussie farming group launches investigation following Qilin cyber attack claims
An Australian farming and produce company has said it is investigating claims of a cyber attack after it was listed online by an infamous threat …
Tue, 09 Jun 2026
Exclusive: Hacker claims breach of Aussie travel agency, FirstClass, 53k customers potentially impacted
The threat actor behind Melbourne International Film Festival and Australian Centre for the Moving Image hacks claims another Australian victim, …
Mon, 08 Jun 2026
How to protect your business when your IT vendor fails
Ensure you are notified Your IT contract should require the vendor to notify you promptly if it suffers an insolvency event. Ideally, the concept of …
Sun, 07 Jun 2026
Exclusive: Centrelink denies hacker claims of cyber attack
A threat actor with a reputation for targeting Australian entities has claimed a cyber attack on government service Centrelink, a claim Centrelink …
Sun, 07 Jun 2026
Why Australian boards can’t ignore AI governance anymore – AICD
Purpose-built AI is reshaping the way Australian boards lead, decide and protect the organisations they oversee. Australian boards have never carried …
Sun, 07 Jun 2026
Travellers warned of ‘reservation hijacking’ on travel booking sites | ABC NEWS
Experts warn holidaymakers to be wary of scams on travel sites. This follows the travel website Booking.com being targeted in ‘reservation hijacking’. Professor Daswin de Silva says cybercriminals impersonate hotels and contact customers, leading to identity theft and physical theft. Subscribe: http://ab.co/1svxLVE Note: In most cases, our captions are auto-generated. #ABCNEWS #ABCNEWSAustralia
Sun, 07 Jun 2026
More Australians targeted by Booking.com scams, with travellers lucrative targets for criminals
Australian travellers are being left out of pocket and fearful their personal data has been stolen amid growing concerns over the security of online …
Sat, 06 Jun 2026
Australia warns of ClickFix attacks pushing Vidar Stealer malware
The Australian Cyber Security Center (ACSC) is warning organizations of an ongoing malware campaign using the ClickFix social engineering technique …
Sat, 06 Jun 2026
ADT confirms data breach after ShinyHunters leak threat
Home security giant ADT has confirmed a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is paid. …
Fri, 05 Jun 2026
Melbourne International Film Festival customers’ data leaked via Ferve platform
Melbourne International Film Festival (MIFF) customers have received strange texts and emails after a data leak linked to the event’s third-party …
Thu, 04 Jun 2026
Exclusive: MMJ Real Estate allegedly hacked, 17.3k customer records potentially compromised
The same threat actor behind the MIFF and ACMI breaches continues to target Australian organisations in a hacking spree. • Thu, 04 Jun 2026 • …
Fri, 05 Jun 2026
Australia luxury lifestyle brand Camilla confirms cyber incident
Australian luxury and lifestyle fashion brand Camilla has confirmed a cyber incident, leading to company data theft by a threat actor. • Thu, 04 Jun …
Wed, 03 Jun 2026
Exclusive: Hacker claims breach of the Australian Centre for the Moving Image, PII allegedly compromised
The same hacker who claimed to have compromised the Melbourne International Film Festival has published the alleged data of more than 25,000 ACMI …
Wed, 03 Jun 2026
Watchdog slams Health NZ and portal provider over dark web data leak
NZ news The Privacy Commissioner found both entities failed to implement reasonable security safeguards to protect 100,000 patients. Watchdog slams …
Wed, 03 Jun 2026
Film festival hack leaves thousands fearing identity theft
Melbourne’s most popular annual film festival has suffered a security incident impacting the personal information of nearly 27,000 filmgoers. On …
Wed, 03 Jun 2026
How boards can manage AI risk without slowing innovation – AICD
Effective use of AI is contingent on maintaining a stable balance between planning, governance and cybersecurity. Boards are right to push hard on AI …
Wed, 03 Jun 2026
Australia, Japan team up on cyber talks
Australia and Japan have accelerated their existing defence partnership through recent collaborative efforts surrounding cyber command, control and …
Tue, 02 Jun 2026
Exclusive: Aussie workplace catering firm Hampr suffers alleged 360k record data breach
The same hacker who allegedly compromised the Melbourne International Film Festival has posted customer records from a catering firm that serves …
Tue, 02 Jun 2026
Scammer targets $900k WA land sale in overseas fraud attempt
A scammer’s attempt to sell a $900,000 vacant plot of land they did not own has failed, after suspicious emails put multiple West Australian …
Mon, 01 Jun 2026
Australian Cyber Aware – As It Was 2605 – May 2026
This monthly review provides a curated summary of Australian and New Zealand cyber, privacy, and information security developments identified during …
Mon, 01 Jun 2026
Exclusive: VSP Solutions responding to Stormous ransomware attack
Aussie video security firm VSP Solutions says it has contained the incident after hackers claimed to have stolen and published 40 gigabytes of …
Mon, 01 Jun 2026
Hacked! Melbourne International Film Festival responding to cyber incidents
MIFF releases statement after hacker claims to have breached the details of more than 340,000 customers. • Mon, 01 Jun 2026 • Security *]:clear-none …











