Australian Cyber Aware Cyber Incidents Listing

June 2026

Confirmed 01-Jun-26 AU VIC
Hacked! Melbourne International Film Festival responding to cyber incidents
The Melbourne International Film Festival has said it is responding to a pair of cyber incidents that have affected its 340 000 customers’ data.

Confirmed 01-Jun-26 AU NSW
Exclusive: VSP Solutions responding to Stormous ransomware attack
Aussie video security firm VSP Solutions says it has contained the incident after hackers claimed to have stolen and published 40 gigabytes of company data.

 

---

May 2026

Claim 28-May-26 AU VIC
[Unconfirmed] Qilin ransomware group has claimed to have breached a Victorian farmers’ group
An unverified report from the Qilin group claims to have breached the Tripod Framers Group, a Victorian family business of fourth-generation farmers.

Confirmed 28-May-26 AU QLD
Exclusive: Accounting firm Kennedy McLaughlin confirms ‘cyber incident’ following Qilin ransomware attack
Queensland-based firm Kennedy McLaughlin says it has notified impacted individuals as hackers publish client financial and banking data online.

Published 28-May-26 AU VIC
Exclusive: Victorian retail logistics firm allegedly breached by DragonForce
QLS Group is a large appliance logistics services provider. DragonForce ransomware gang claims to have exfiltrated 554.65 gigabytes of data.

Published 27-May-26 NZ
Exclusive: New Zealand’s Alpha Group Holdings allegedly hacked
The Qilin ransomware group have claimed to have “sensitive data” from Auckland-based health supplement producer, Alpha Group Holdings

Published 26-May-26 AU VIC
Exclusive: Marketing and merchandise firm Branded Products listed by Qilin ransomware
A Melbourne-based branded merchandise supplier, Branded Products, has been listed as a victim of hacking by the Qilin ransomware-as-a-service operation.

Published 25-May-26 AU VIC
Exclusive: Victorian regional newspaper allegedly hacked by ransomware group
The Brain Cipher ransomware group has listed The Adviser – a newspaper and media outlet serving the Shepparton area in regional Victoria – as a hacking victim on its darknet leak site.

Confirmed 22-May-26 AU NSW
State Library of NSW responding to April cyber intrusion
The State Library of NSW has said it expects to have its full range of services back online by 29 May, as it continues to handle the fallout from an April cyber incident.

Confirmed 19-May-26 AU VIC
Exclusive: Major cleaning and facility services firm confirms third-party cyber incident
Major private cleaning and facility services firm Menzies Group has confirmed a cyber incident that occurred after a third-party IT provider was breached.

Published 17-May-26 AU VIC
Exclusive: INC Ransom claims cyber attack on Australian engineering service company
Threat actors INC Ransom have claimed responsibility for a cyberattack on an Australian engineering solutions company, Metaval, and are threatening to publish data they allegedly exfiltrated.

Published 15-May-26 AU VIC
Exclusive: Hospitality IT provider allegedly breached by Qilin
Bluize is an IT supplier of hospitality solutions for pubs, bars, restaurants, and gaming venues. Threat actor Qilin has claimed responsibility for a cyberattack on an Australian hospitality and gaming industry supplier, having listed the firm on the dark web.

Published 17-May-26 AU NSW
Exclusive: Australian College of Business Intelligence investigating Qilin ransomware claims
The Australian College of Business Intelligence (ACBI) has said it is aware of claims by the ransomware group Qilin and is actively investigating a potential cyber incident.

Confirmed 14-May-26 AU TAS
Exclusive: Tassie hospitality group confirms CMD Organisation ransomware attack
A new hacking group targets Devonport-based Goodstone Group, compromising employee passports in the attack.

Confirmed 13-May-26 AU WA
Scope Systems confirms cyber incident, says no data loss occurred
Western Australia-based software deployment specialist and reseller Scope Systems has disclosed a cyber incident but said no data loss occurred. The company posted a statement on 6 May, confirming that it had detected malicious activity.

Published 12-May-26 AU VIC
Exclusive: Aussie firm Earth Systems listed by INC Ransom hacking group
The hackers INC Ransom listed the Victoria-based Earth Systems in a 7 May post to their darknet leak site, claiming to have stolen at least 600 gigabytes of company data, including, according to INC Ransom, “full corp data, nda client contract project” information.

Confirmed 12-May-26 AU VIC
Institute of Public Accountants members hit by data breach
Members of the Institute of Public Accountants received an email last week after the names and member numbers were leaked. The body has stressed that the breach did not include any personal information.

Published 11-May-26 AU NSW
Exclusive: Aussie toy distributor listed by M3rx ransomware
“An Australian toy distributor KBToys, with an extensive eBay presence is the latest Australian victim claimed by a newcomer ransomware gang, M3rx.
Ransomware notification sites claim to have exfiltrated 140 gigabytes of data, spanning nearly 37,000 files.”

Published 11-May-26 AU NSW
Exclusive: Australian Computer Society investigating possible breach after ShinyHunters hack claims
The Australian Computer Society (ACS) has responded to claims made by the hackers behind last week’s Instructure education breach.

Published 07-May-26 AU QLD
Exclusive: Aussie car parts importer Strategic Imports allegedly breached by threat actors
Threat actors have claimed responsibility for a cyberattack on a Queensland automotive parts importer, Strategic Imports, alleging they exfiltrated data from its network.

Confirmed 07-May-26 AU QLD
Qld gov says students, staff caught in Canvas cyber incident
“Education Queensland says that students and staff working or studying at state schools since 2020 may have been caught up in a breach of the global education systems vendor, Instructure. Multiple institutions, including RMIT University, UTS, TasTAFE Tasmania and Western Sydney University, were urgently assessing their potential exposure to the incident.”

Claim 06-May-26 NZ
[Unconfirmed] Ransomware group The Gentlemen has claimed to have breached New Zealand sporting distributor Worralls
W.H. Worrall & Co. Limited (Worralls) is New Zealand’s leading distributor of world-class cycling and sporting brand

Confirmed 06-May-26 AU QLD
Hacked: ALS discloses cyber incident, unauthorised access to IT systems
Queensland-based scientific testing company ALS recently reported to the ASX that it “identified malicious cyber activity involving unauthorised third-party access to some of our IT systems.” No details are available on the incident.

Published 06-May-06 AU NSW
Exclusive: Australian energy management firm allegedly breached by SafePay
Threat actor SafePay has claimed responsibility for a cyberattack on an NSW energy management and consulting firm, Energy Action, threatening to release allegedly stolen data within a number of days.

Confirmed 05-May-26 AU NSW
Exclusive: Champion Homes confirms customer data compromised in ‘cyber event’
Australian home builder Champion Homes has confirmed it was recently the victim of a cyber attack that exposed a limited amount of employee and customer data. DragonForce ransomware operation threatened to publish a 44-gigabyte dataset on the dark web.

Confirmed 04-May-26 AU NSW
Exclusive: Major Australian jewellery brand confirms cyber incident
Gregory Jewellers is an Australian-owned retailer that specialises in fine jewellery, watches, and accessories. The company was listed on the Kairos ransomware gang’s dark web leak site, which claimed to have stolen 574 gigabytes of data from it.

Confirmed 04-May-26 NZ
Exclusive: Kiwi firm, McKay electrical contractor, confirms cyber attack
McKay, one of New Zealand’s largest privately owned electrical contractors, has confirmed it was the victim of a cyber attack in January, after it was listed as a victim on the darknet leak site of a newly emerged ransomware group.

Claim 01-May-26 AU
[Unconfirmed] Fulcrumsec claims breach of YOUX / DRIVE IQ, formerly known as Drive IQ, is an Australian technology company specialising in connected vehicle data and mobility intelligence.

Published 01-May-26 AU NSW
Exclusive: Prime Properties listed as breach victim by M3rx ransomware
Hackers are alleged to have stolen more than 80,000 documents totalling 100 gigabytes of data from a Sydney-based property investment firm, Prime Properties.

 

---

April 2026

Confirmed 29-Apr-26 NZ
NZ council cyber attack leads to ID and financial data being exposed
The Hutt City Council, located in the north island of New Zealand, reportedly suffered a phishing incident in March, leading to the identity data of five people and the financial information of as many as 732 people being exposed.

Confirmed 28-Apr-26 AU NSW
Generation Life informs customers of ‘cyber incident’ as owner shares incident with ASX
Financial services firm Generation Life has begun notifying customers of a potential data breach hours after its parent company, Generation Development Group, shared details of the incident in a report to the Australian Stock Exchange.

Confirmed 27-Apr-26 AU NSW
Exclusive: Gelatissimo confirms unauthorised access, investigates DragonForce hack claims
Major Australian ice-cream retailer Gelatissimo has launched an investigation into claims made by hackers that the company was breached in a ransomware incident.

Confirmed 23-Apr-26 AU SA
Exclusive: SA genealogical research firm Genealogy SA, confirms cyber incident following SafePay ransom claims
Threat actors have claimed to have hacked a South Australia-based non-profit, SA Genealogy, allegedly having stolen and published data.

Confirmed 22-Apr-26 NZ
Private healthcare provider IntraCare hit by cyber breach
IntraCare responded to a cyber incident involving unauthorised access to its network on Friday, 20 March 2026. Out of an abundance of caution, we decided to shut down our information technology (IT) systems and defer patient procedures for the week beginning 23 March. We communicated directly with those patients and affected specialists. Our services resumed on the 30th March.

Confirmed 21-Apr-26 AU NSW
Treasury staffer charged for NSW government data breach
In a statement released today (Tuesday, 21 April), the state government said that an NSW Treasury staff member was involved in the incident, which was discovered when a suspected data transfer to an outside party was detected.

Confirmed 17-Apr-26 AU NSW
Exclusive: NSW-based Strata Republic allegedly breached by Kairos ransomware group
Hackers claim to have stolen 441 gigabytes of data from Strata Republic, including internal correspondence, driver’s licence scans and revealing Christmas party photos.

Published 16-Apr-26 AU SA
Accused hacker allegedly targeted government departments, courthouse and gym, court hears
Payneham resident Aiden Wood, 22, appeared in the Adelaide Magistrates Court on Thursday after being charged with 12 hacking offences including operating a restricted access computer system and modifying computer data to cause harm or inconvenience.

Published 15-Apr-26 AU QLD
Exclusive: Qld pharmacy chain allegedly breached by Kairos ransomware
With seven locations, FriendlyCare Pharmacy was listed on the dark web leak site of the Kairos ransomware group, claiming to have stolen 113 gigabytes of data.

Confirmed 15-Apr-26 NZ
NZ racehorse auction stalled by cyber attack
The New Zealand Bloodstock National Online Yearling Sale, which is held on the Gavelhouse Plus platform, was delayed 24 hours after New Zealand Bloodstock confirmed the site suffered a cyber attack.

Claim 14-Apr-26 AU NSW
[Unconfirmed] Vitex Pharmaceuticals suffered a ransomware attack by LockBit 5.0 in April 2026, risking exposure of sensitive company data.
On April 6, 2026, the ransomware group LockBit 5.0 claimed responsibility for a cyberattack against Vitex Pharmaceuticals (vitexpharma.com), a leading Australian contract manufacturer specialising in vitamins. The group issued a statement threatening to release sensitive data unless their demands are met.

Claim 14-Apr-26 AU VIC
[Unconfirmed] The Gentlemen ransomware group claims to have hit Brand Collective in Australia
Brand Collective, identified as a leading Australian house of apparel, footwear, and sports brands operating across strategy, design, development, sales, supply chain, retail operations, e-commerce, and marketing, is listed as the victim in the post. The post is dated 2026-04-14 10:28:32 and presents Brand Collective as the subject of a ransomware-related leak.

Confirmed 14-Apr-26 AU NSW
Exclusive: Aussie communications company Mastercom ‘aware’ of INC Ransom claims
Hackers have published customer and hardware data belonging to a Sydney-based firm, Mastercom, providing communications solutions to hundreds of businesses and local councils.

Confirmed 12-Apr-26 AU VIC
Exclusive: Aboriginal community organisation confirms cyber incident following INC Ransom claims
A Dja Dja Wurrung (Bendigo) based Aboriginal community centre has confirmed a cyber incident following claims made by the INC Ransom threat group.

Published 12-Apr-26 NZ
Exclusive: Krybit hackers claim breach of New Zealand IT services provider
A newcomer to the ransomware scene has listed Kiwi company Dencom New Zealand as a victim on its darknet leak site, one of 16 victims the group has claimed to breach since it was first observed earlier this month.

Claim 10-Apr-26 AU VIC
[Unconfirmed] Ransomware group Qilin has claimed to have breached Australian building company Peuker & Alexander
The Victorian company Peuker & Alexander who manufactures roof trusses, wall frames, and posi-strut systems. No other sources have been found to confirm Qilin’s claim.

Published 10-Apr-26 AU QLD
Exclusive: Gunra ransomware lists Queensland Eric Davis Dental as breach victim
Hackers linked to the Gunra ransomware-as-a-service operation have listed Eric Davis Dental as a data breach victim on its darknet leak site, potentially compromising the medical data of hundreds of patients. Eric Davis Dental is aware of the hacker’s claims and doubts their veracity.

Published  10-Apr-26 AU NSW
Exclusive: NSW pharmacy management firm allegedly breached by INC Ransom
Rx Management is a franchise network that manages a number of Pharmacy stores across New South Wales, Victoria and South Australia.

Confirmed 07-Apr-26 AU VIC
Exclusive: Victorian resort hotel allegedly breached by Space Bears ransomware
On 6 April 2026, Brooklands of Mornington was listed on the dark web leak site of the Space Bears ransomware group, which claimed to have stolen personal data belonging to both guests and staff, financial documents and “other files”.

Confirmed 04-Apr-26 AU WA
Exclusive: Anubis ransomware gang claims hack of WA-based Shine Aviation
The Anubis ransomware operation is claiming to have exfiltrated 57 gigabytes of data, totalling more than 68,000 files.

Published 01-Apr-26 AU VIC
Exclusive: Cuddly toy maker Charlie Bears allegedly hacked
The hacking group LockBit has listed the popular children’s toy outlet Charlie Bears as a victim on its darknet leak site, claiming to have breached the company’s network.

 

 

---