Select Page

Australian Cyber Aware Cyber Incidents Listing

This listing tracks reported cybersecurity incidents across Australia and New Zealand, offering a clear, practical view of the real threats facing organisations today. While major international and high-profile Australian incidents often dominate headlines, many everyday cyber events go largely unnoticed—creating an awareness gap for businesses seeking to understand the risks they genuinely face.

From data breaches to ransomware attacks, each entry shows how cyber risks are materialising in real-world environments across a wide range of sectors and organisation sizes. The purpose is simple: to increase awareness, promote transparency, and help organisations and individuals better understand the nature and frequency of local incidents.

By tracking patterns, trends, and impacts over time, this resource supports stronger risk management, improved preparedness, and more informed, defensible security decisions.

Claim Status: Confirmed = Acknowledged by organisation/public statement/regulator | Published = Published in mainstream or reputable media | Claim = Leak-site claim only, unverified | Withdrawn = The claim has been withdrawn | Denied = The victim has formally denied the claim | Unknown = No corroborating evidence has been found

NOTE: Claimed, withdrawn, denied, and unknown listings may be extortion events with no factual basis to believe that an actual incident occurred.

July 2026

Pennant Hills Golf ClubClaim 02-Jul-26 AU NSW
Unconfirmed: Qilin Ransomware Strikes Pennant Hills Golf Club
A newly surfaced victim listing naming Pennant Hills Golf Club shows how ransomware operators turn public exposure into pressure, even when the underlying compromise has not been independently established.

 


June 2026

Ernst and YoungConfirmed 30-Jun-26 AU NSW
Ernst and Young staff sacked after Anthony Albanese’s private banking information allegedly breached
Two Ernst and Young employees have been sacked after Prime Minister Anthony Albanese’s personal banking information was allegedly breached while the pair worked for the accounting firm at the Commonwealth Bank.

Published 25-Jun-26 AU NSW
Exclusive: NSW Rural Fire Service warns members of ‘cyber security incident’
The commissioner of the NSW Rural Fire Service (RFS) has warned members of the RFS that it has become “aware of a cyber security incident involving our ICT systems”. The incident had not impacted the RFS’s operational response capability, but said that some data may have been compromised.

Confirmed 24-Jun-26 AU QLD
Six men charged over alleged insider fraud plot against construction giant Shadforth
Queensland police launched an investigation in May last year after Shadforth received an anonymous letter alleging Mr Martin and Mr Larson were colluding to access sensitive information about Shadforth’s live tender submissions.

Published 23-Jun-26 AU ACT
Exclusive: National Portrait Gallery of Australia investigating data breach claims
Threat actor 2019 posts alleged National Portrait Gallery customer and client data to undergound hacking forum; names, emails, and location data potentially compromised.

Published 22-Jun-26 AU VIC
Exclusive: Victorian RV dealer suffers alleged cyber attack
Southern Design RV, a Ballarat, Victoria-based dealer specializing in new and used Australian-made caravans, has been listed as a victim by the emerging cybercrime group CMD Organization. The threat actor claims to have exfiltrated sensitive customer data, including names, addresses, emails, phone numbers, and purchase details, which it has posted as a sample on its leak site.

Confirmed 19-Jun-26 AU QLD
ALS Restores Operations After Cyberattack as Data Exposure Review Intensifies
ACTOR-DRIVEN disruption at ALS Limited, an Australian laboratory testing and inspection company, is exposing the operational and data security risks facing critical service providers after the firm restored most of its systems following a cyber incident while continuing to assess potential data impacts.

Published 19-Jun-26 AU VIC
Exclusive: 2019 claims alleged cyber incident on Melbourne weight-loss clinic
Notorious threat actor 2019 listed the clinic on an infamous hacking forum, claiming to have stolen data from over 28,000 patients across over 300,000 records at Elina Medical Weight Loss Clinic in Melbourne.

Published 18-Jun-26 AU, NZ
Exclusive: Harcourts allegedly hacked by SafePay ransomware
Major Australia-based real estate firm Harcourts has allegedly suffered a cyber incident after threat actors listed the company on their dark web leak site.

Published 18-Jun-26 AU VIC
Exclusive: Qilin ransomware claims hack of Aussie K-12 tutoring provider
The Qilin ransomware-as-a-service operation has listed a Victoria-headquartered online tutoring company, Kinetic Education, as a victim on its darknet leak site.

Denied 17-Jun-26 AU NSW
NSW government disputes alleged data breach
The New South Wales Government has shut down claims that it was hit by a data breach after a ransomware group leaked an alleged sample of 200GB in stolen data to the dark web.

Confirmed 16-Jun-26 AU
Exclusive: Hacker uses Productivity Commission breach to bully journos
The Australian Productivity Commission has confirmed an incident in which emails were sent out from its noreply email address that appeared to have been sent by a threat actor.

Confirmed 12-Jun-26 AU ACT
Exclusive: Ochre Health confirms patient data from its Tuggeranong clinic potentially compromised
The medical records, including Medicare numbers and DVA numbers, of potentially more than 25,000 patients of ACT-based Ochre Medical Centre Tuggeranong have been sold by a 2019 ransomware group online after a prolific hacker breached an unnamed third-party provider.

Confirmed 12-Jun-26 AU
Exclusive: One Nation blames “fearful Labor goons” for DDoS site crash
A spokesperson for Pauline Hanson’s One Nation has taken to Facebook to explain why the party’s donation website was down today. “Deliberate DDoS attack”.

Denied 12-Jun-26 AU
Exclusive: Australian Medical Council denies ransomware attack in wake of false claim
The Australian Medical Council (AMC) has said it was not the victim of a ransomware attack after it was listed as a victim on the darknet site of the ThreeAM hacking group.

Confirmed 11-Jun-26 AU SA
Parents warned after ‘cyber security breach’ at South Australia’s Reynella East College
A cyber security incident has taken the IT systems of a South Australian school, Reynella East College, offline for at least several days, a letter from the state’s Department of Education has warned.

Confirmed 11-Jun-26 AU WA
Student data compromised in second University of Western Australia data breach in 6 months
The University of Western Australia has disclosed it has been the victim of a data breach after access credentials for its Callista database were accidentally shared online.

Confirmed 10-Jun-26 AU QLD
Cyber attack shuts down two Mackay Sugar mills
Advocacy group Canegrowers confirmed on Wednesday the incident had shut down Mackay Sugar‘s milling and cane haulage across the Farleigh and Racecourse mills just outside Mackay, both of which had started crushing within the past week.

Published 10-Jun-26 AU NSW
Exclusive: 2019 claims breach of Australian lingerie retailer
In a post on a notorious hacking forum made earlier this month, threat actor 2019 claimed to have breached DeBra’s, saying that they exfiltrated 196,800 customer records and 1.2 million order records.

Published 10-Jun-26 AU QLD
Exclusive: Qilin targets Qld healthcare provider, but gets a bit confused
Qilin listed The Banyans Healthcare, an entity it called The Banyans Health and Wellness, on 8 June, and while the hackers shared few details (no evidence, no ransom demand, nor any idea of the volume of data allegedly compromised). The actual breach appears to be at Banyans Medical Centre and Specialist Clinics, which is investigating the incident.

Published 09-Jun-26 AU NSW
Exclusive: Napoleon Perdis allegedly breached following threat actor claims
Australian luxury make-up and cosmetics brand Napoleon Perdis has allegedly suffered a cyber incident after a threat actor claimed responsibility for breaching the company.

Published 09-Jun-26 AU VIC
Exclusive: Aussie farming group launches investigation following Qilin cyber attack claims
Late last month, Tripod Farmers was listed online by the Qilin ransomware group. According to threat feeds observed by Cyber Daily, the incident occurred around 17 February 2026, suggesting that the threat actor has had access for an extended period.

Published 09-Jun-26 AU NSW
Exclusive: 2019 claims cyber incident on Aussie ASX and financial market research firm
Over the weekend (6 June), threat actor 2019 listed Kalkine Media on an infamous cyber crime forum, claiming to have stolen the personal data of over 2,900 customers.

Published 09-Jun-26 AU NSW
Exclusive: Hacker claims breach of Aussie travel agency, FirstClass, 53k customers potentially impacted
2019, a prominent member of a popular underground hacking forum, said in a June 3 post they had gained access to the data of more than 53,300 customers of luxury travel website, FirstClass.com.au.

Denied 05-Jun-26 AU
Exclusive: Centrelink denies hacker claims of cyber attack
A threat actor with a reputation for targeting Australian entities has claimed a cyber attack on government service Centrelink, a claim Centrelink says is false.

 

Confirmed 04-Jun-26 AU NSW
Australia luxury lifestyle brand Camilla confirms cyber incident
Australian luxury and lifestyle fashion brand Camilla has confirmed a cyber incident, leading to company data theft by a threat actor.

Confirmed 04-Jun-26 AU NSW
Exclusive: MMJ Real Estate allegedly hacked, 17.3k customer records potentially compromised
The personal data of more than 17,300 clients of Australian estate agent MMJ Real Estate has potentially been exposed in a data breach.

Confirmed 03-Jun-26 AU VIC
Exclusive: Hacker claims breach of the Australian Centre for the Moving Image, PII allegedly compromised
A hacker going by the name of 2019 has published what they claim is the personal data of more than 25,000 customers of the Australian Centre for the Moving Image (ACMI) to a hacking forum.

Published 02-Jun-26 AU NSW
Exclusive: Aussie workplace catering firm Hampr suffers alleged 360k record data breach
The Hampr records come in two parts. The first contains customer IDs, names, mobile phone numbers, and account details, while the second part contains dietary information, payment details, billing information, and workspace details.

Confirmed 01-Jun-26 AU VIC
Hacked! Melbourne International Film Festival responding to cyber incidents
The Melbourne International Film Festival has said it is responding to a pair of cyber incidents that have affected its 340 000 customers’ data.

Confirmed 01-Jun-26 AU NSW
Exclusive: VSP Solutions responding to Stormous ransomware attack
Aussie video security firm VSP Solutions says it has contained the incident after hackers claimed to have stolen and published 40 gigabytes of company data.

 


May 2026

Confirmed 28-May-26 AU QLD
Exclusive: Accounting firm Kennedy McLaughlin confirms ‘cyber incident’ following Qilin ransomware attack
Queensland-based firm Kennedy McLaughlin says it has notified impacted individuals as hackers publish client financial and banking data online.

Published 28-May-26 AU VIC
Exclusive: Victorian retail logistics firm allegedly breached by DragonForce
QLS Group is a large appliance logistics services provider. DragonForce ransomware gang claims to have exfiltrated 554.65 gigabytes of data.

Published 27-May-26 NZ
Exclusive: New Zealand’s Alpha Group Holdings allegedly hacked
The Qilin ransomware group have claimed to have “sensitive data” from Auckland-based health supplement producer, Alpha Group Holdings

Published 26-May-26 AU VIC
Exclusive: Marketing and merchandise firm Branded Products listed by Qilin ransomware
A Melbourne-based branded merchandise supplier, Branded Products, has been listed as a victim of hacking by the Qilin ransomware-as-a-service operation.

Published 25-May-26 AU VIC
Exclusive: Victorian regional newspaper allegedly hacked by ransomware group
The Brain Cipher ransomware group has listed The Adviser – a newspaper and media outlet serving the Shepparton area in regional Victoria – as a hacking victim on its darknet leak site.

Confirmed 24-May-26 AU WA
ADT confirms data breach after ShinyHunters leak threat
Home security giant ADT has confirmed a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is paid.

Confirmed 22-May-26 AU NSW
State Library of NSW responding to April cyber intrusion
The State Library of NSW has said it expects to have its full range of services back online by 29 May, as it continues to handle the fallout from an April cyber incident.

Confirmed 19-May-26 AU VIC
Exclusive: Major cleaning and facility services firm confirms third-party cyber incident
Major private cleaning and facility services firm Menzies Group has confirmed a cyber incident that occurred after a third-party IT provider was breached.

Published 17-May-26 AU VIC
Exclusive: INC Ransom claims cyber attack on Australian engineering service company
Threat actors INC Ransom have claimed responsibility for a cyberattack on an Australian engineering solutions company, Metaval, and are threatening to publish data they allegedly exfiltrated.

Published 15-May-26 AU VIC
Exclusive: Hospitality IT provider allegedly breached by Qilin
Bluize is an IT supplier of hospitality solutions for pubs, bars, restaurants, and gaming venues. Threat actor Qilin has claimed responsibility for a cyberattack on an Australian hospitality and gaming industry supplier, having listed the firm on the dark web.

Published 17-May-26 AU NSW
Exclusive: Australian College of Business Intelligence investigating Qilin ransomware claims
The Australian College of Business Intelligence (ACBI) has said it is aware of claims by the ransomware group Qilin and is actively investigating a potential cyber incident.

Confirmed 14-May-26 AU TAS
Exclusive: Tassie hospitality group confirms CMD Organisation ransomware attack
A new hacking group targets Devonport-based Goodstone Group, compromising employee passports in the attack.

Confirmed 13-May-26 AU WA
Scope Systems confirms cyber incident, says no data loss occurred
Western Australia-based software deployment specialist and reseller Scope Systems has disclosed a cyber incident but said no data loss occurred. The company posted a statement on 6 May, confirming that it had detected malicious activity.

Published 12-May-26 AU VIC
Exclusive: Aussie firm Earth Systems listed by INC Ransom hacking group
The hackers INC Ransom listed the Victoria-based Earth Systems in a 7 May post to their darknet leak site, claiming to have stolen at least 600 gigabytes of company data, including, according to INC Ransom, “full corp data, nda client contract project” information.

Confirmed 12-May-26 AU VIC
Institute of Public Accountants members hit by data breach
Members of the Institute of Public Accountants received an email last week after the names and member numbers were leaked. The body has stressed that the breach did not include any personal information.

Published 11-May-26 AU NSW
Exclusive: Aussie toy distributor listed by M3rx ransomware
“An Australian toy distributor KB Toys, with an extensive eBay presence is the latest Australian victim claimed by a newcomer ransomware gang, M3rx.
Ransomware notification sites claim to have exfiltrated 140 gigabytes of data, spanning nearly 37,000 files.”

Published 11-May-26 AU NSW
Exclusive: Australian Computer Society investigating possible breach after ShinyHunters hack claims
The Australian Computer Society (ACS) has responded to claims made by the hackers behind last week’s Instructure education breach.

Published 07-May-26 AU QLD
Exclusive: Aussie car parts importer Strategic Imports allegedly breached by threat actors
Threat actors have claimed responsibility for a cyberattack on a Queensland automotive parts importer, Strategic Imports, alleging they exfiltrated data from its network.

Confirmed 07-May-26 AU QLD
Qld gov says students, staff caught in Canvas cyber incident
Education Queensland says that students and staff working or studying at state schools since 2020 may have been caught up in a breach of the global education systems vendor, Instructure. Multiple institutions, including RMIT University, UTS, TasTAFE Tasmania and Western Sydney University, were urgently assessing their potential exposure to the incident.

Confirmed 06-May-26 AU QLD
Hacked: ALS discloses cyber incident, unauthorised access to IT systems
Queensland-based scientific testing company ALS recently reported to the ASX that it “identified malicious cyber activity involving unauthorised third-party access to some of our IT systems.” No details are available on the incident.

Published 06-May-06 AU NSW
Exclusive: Australian energy management firm allegedly breached by SafePay
Threat actor SafePay has claimed responsibility for a cyberattack on an NSW energy management and consulting firm, Energy Action, threatening to release allegedly stolen data within a number of days.

Confirmed 05-May-26 AU NSW
Exclusive: Champion Homes confirms customer data compromised in ‘cyber event’
Australian home builder Champion Homes has confirmed it was recently the victim of a cyber attack that exposed a limited amount of employee and customer data. DragonForce ransomware operation threatened to publish a 44-gigabyte dataset on the dark web.

Confirmed 04-May-26 AU NSW
Exclusive: Major Australian jewellery brand confirms cyber incident
Gregory Jewellers is an Australian-owned retailer that specialises in fine jewellery, watches, and accessories. The company was listed on the Kairos ransomware gang’s dark web leak site, which claimed to have stolen 574 gigabytes of data from it.

Confirmed 04-May-26 NZ
Exclusive: Kiwi firm, McKay electrical contractor, confirms cyber attack
McKay, one of New Zealand’s largest privately owned electrical contractors, has confirmed it was the victim of a cyber attack in January, after it was listed as a victim on the darknet leak site of a newly emerged ransomware group.

Published 01-May-26 AU NSW
Exclusive: Prime Properties listed as breach victim by M3rx ransomware
Hackers are alleged to have stolen more than 80,000 documents totalling 100 gigabytes of data from a Sydney-based property investment firm, Prime Properties.

 


April 2026

Confirmed 29-Apr-26 NZ
NZ council cyber attack leads to ID and financial data being exposed
The Hutt City Council, located in the north island of New Zealand, reportedly suffered a phishing incident in March, leading to the identity data of five people and the financial information of as many as 732 people being exposed.

Confirmed 28-Apr-26 AU NSW
Generation Life informs customers of ‘cyber incident’ as owner shares incident with ASX
Financial services firm Generation Life has begun notifying customers of a potential data breach hours after its parent company, Generation Development Group, shared details of the incident in a report to the Australian Stock Exchange.

Confirmed 27-Apr-26 AU NSW
Exclusive: Gelatissimo confirms unauthorised access, investigates DragonForce hack claims
Major Australian ice-cream retailer Gelatissimo has launched an investigation into claims made by hackers that the company was breached in a ransomware incident.

Confirmed 23-Apr-26 AU SA
Exclusive: SA genealogical research firm Genealogy SA, confirms cyber incident following SafePay ransom claims
Threat actors have claimed to have hacked a South Australia-based non-profit, Genealogy SA, allegedly having stolen and published data.

Confirmed 22-Apr-26 NZ
Private healthcare provider IntraCare hit by cyber breach
IntraCare responded to a cyber incident involving unauthorised access to its network on Friday, 20 March 2026. Out of an abundance of caution, we decided to shut down our information technology (IT) systems and defer patient procedures for the week beginning 23 March. We communicated directly with those patients and affected specialists. Our services resumed on the 30th March.

Confirmed 21-Apr-26 AU NSW
Treasury staffer charged for NSW government data breach
In a statement released today (Tuesday, 21 April), the state government said that an NSW Treasury staff member was involved in the incident, which was discovered when a suspected data transfer to an outside party was detected.

Confirmed 17-Apr-26 AU NSW
Exclusive: NSW-based Strata Republic allegedly breached by Kairos ransomware group
Hackers claim to have stolen 441 gigabytes of data from Strata Republic, including internal correspondence, driver’s licence scans and revealing Christmas party photos.

Published 16-Apr-26 AU SA
Accused hacker allegedly targeted government departments, courthouse and gym, court hears
Payneham resident Aiden Wood, 22, appeared in the Adelaide Magistrates Court on Thursday after being charged with 12 hacking offences including operating a restricted access computer system and modifying computer data to cause harm or inconvenience.

Published 15-Apr-26 AU QLD
Exclusive: Qld pharmacy chain allegedly breached by Kairos ransomware
With seven locations, FriendlyCare Pharmacy was listed on the dark web leak site of the Kairos ransomware group, claiming to have stolen 113 gigabytes of data.

Confirmed 15-Apr-26 NZ
NZ racehorse auction stalled by cyber attack
The New Zealand Bloodstock National Online Yearling Sale, which is held on the Gavelhouse Plus platform, was delayed 24 hours after New Zealand Bloodstock confirmed the site suffered a cyber attack.

Vitex PharmaceuticalsClaim 14-Apr-26 AU NSW
[Unconfirmed] Vitex Pharmaceuticals suffered a ransomware attack by LockBit 5.0 in April 2026, risking exposure of sensitive company data.
On April 6, 2026, the ransomware group LockBit 5.0 claimed responsibility for a cyberattack against Vitex Pharmaceuticals (vitexpharma.com), a leading Australian contract manufacturer specialising in vitamins. The group issued a statement threatening to release sensitive data unless their demands are met.

Claim 14-Apr-26 AU VIC
[Unconfirmed] The Gentlemen ransomware group claims to have hit Brand Collective in Australia
Brand Collective, identified as a leading Australian house of apparel, footwear, and sports brands operating across strategy, design, development, sales, supply chain, retail operations, e-commerce, and marketing, is listed as the victim in the post. The post is dated 2026-04-14 10:28:32 and presents Brand Collective as the subject of a ransomware-related leak.

Confirmed 14-Apr-26 AU NSW
Exclusive: Aussie communications company Mastercom ‘aware’ of INC Ransom claims
Hackers have published customer and hardware data belonging to a Sydney-based firm, Mastercom, providing communications solutions to hundreds of businesses and local councils.

Confirmed 12-Apr-26 AU VIC
Exclusive: Aboriginal community organisation confirms cyber incident following INC Ransom claims
A Dja Dja Wurrung (Bendigo) based Aboriginal community centre, Bendigo & District Aboriginal Co-operative (BDAC), has confirmed a cyber incident following claims made by the INC Ransom threat group.

Published 12-Apr-26 NZ
Exclusive: Krybit hackers claim breach of New Zealand IT services provider
A newcomer to the ransomware scene has listed Kiwi company Dencom New Zealand as a victim on its darknet leak site, one of 16 victims the group has claimed to breach since it was first observed earlier this month.

Claim 10-Apr-26 AU VIC
[Unconfirmed] Ransomware group Qilin has claimed to have breached Australian building company Peuker & Alexander
The Victorian company Peuker & Alexander who manufactures roof trusses, wall frames, and posi-strut systems. No other sources have been found to confirm Qilin’s claim.

Published 10-Apr-26 AU QLD
Exclusive: Gunra ransomware lists Queensland Eric Davis Dental as breach victim
Hackers linked to the Gunra ransomware-as-a-service operation have listed Eric Davis Dental as a data breach victim on its darknet leak site, potentially compromising the medical data of hundreds of patients. Eric Davis Dental is aware of the hacker’s claims and doubts their veracity.

Published  10-Apr-26 AU NSW
Exclusive: NSW pharmacy management firm allegedly breached by INC Ransom
Rx Management is a franchise network that manages a number of Pharmacy stores across New South Wales, Victoria and South Australia.

Denied 08-Apr-26 AU ACT
Exclusive: Aussie tech firm Seeing Machines confirms potential cyber security incident
Seeing Machines has not identified any relevant events in relation to the claim, nor has any unauthorised access to Seeing Machines systems or data has been identified at this time.

Confirmed 07-Apr-26 AU VIC
Exclusive: Victorian resort hotel allegedly breached by Space Bears ransomware
On 6 April 2026, Brooklands of Mornington was listed on the dark web leak site of the Space Bears ransomware group, which claimed to have stolen personal data belonging to both guests and staff, financial documents and “other files”.

Confirmed 04-Apr-26 AU WA
Exclusive: Anubis ransomware gang claims hack of WA-based Shine Aviation
The Anubis ransomware operation is claiming to have exfiltrated 57 gigabytes of data, totalling more than 68,000 files from Shine Aviation, based in Western Australia.

Published 01-Apr-26 AU VIC
Exclusive: Cuddly toy maker Charlie Bears allegedly hacked
The hacking group LockBit has listed the popular children’s toy outlet Charlie Bears as a victim on its darknet leak site, claiming to have breached the company’s network.

 


March 2026

Published 10-Mar-26 AU NSW
Exclusive: SafePay ransomware claims hack of Smile Team Orthodontics
The SafePay ransomware group has listed an NSW-based dental practice, Smile Team Orthodontics, as a victim on its darknet leak site and has published a raft of documents stolen during the breach.

Confirmed 10-Mar-26 AU SA
Public health patient demands apology after private health info given to media
A second public health patient in a matter of days has raised concerns about how the SA health minister’s office used personal patient information to “background” journalists ahead of the publication of stories.

Confirmed 10-Mar-26 AU WA
WA government’s Microsoft 365 issues led to $71k being stolen, exposure of child data
In the case of the data breach, which resulted from an audited entity emailing the personal and sensitive data of roughly 32 people, children included, to a third-party service provider that stored it in a Dropbox, the OAG said the entity did not have data loss prevention (DLP) controls implemented and did not assess the security of the third-party entity

 


February 2026

Confirmed 24-Feb-26 NZ
Patient details changed to ‘deceased’ in major NZ health app hack
An apparent hack of medication platform MediMap has led to some alive patients being marked as deceased, and others labelled as ‘Charlie Kirk’

Confirmed 24-Feb-26 AU VIC
Fowl play: Aussie poultry processor confirms cyber attack, chicken shortages hit customers
An Australian chicken farmer and processor, Hazeldenes,  has revealed it was the victim of a cyber attack that has caused serious production disruptions.

Confirmed 18-Feb-26 AU NSW
Hacker releases data after claiming to have accessed ‘hundreds of thousands’ of Aussies’ loans, driver’s licences
Australian fintech platform youX, a hacker claimed to have stolen data on 629,597 loan applications as well as 607,822 residential addresses and 444,538 personal details such as names and phone numbers and 229,236 driver’s licences.

Confirmed 18-Feb-26 AU NSW
Exclusive: Aeromedical Society of Australasia confirms cyber incident following LockBit ransomware claims
The Aeromedical Society of Australasia (ASA), an organisation devoted to “professionals in air medical transport services across Australia and New Zealand”, has allegedly been hacked by the LockBit 5.0 ransomware operation.

Published 17-Feb-26 AU WA
Exclusive: Qilin ransomware claims hack of Mount Barker Co-operative
Hackers have allegedly stolen 40 gigabytes of data from the West Australian food co-op, Mount Barker Co-operative, potentially compromising more than 50,000 files.

Confirmed 17-Feb-26 AU NSW
Exclusive: Aussie hospitality group confirms cyber incident, claimed by Kairos ransomware
An Australian hospitality company, Seagrass Boutique Hospitality Group, has confirmed that it suffered a cyber incident, following claims by a notorious hacking group that they launched an attack on the company’s network, exfiltrating data.

Confirmed 17-Feb-26 AU
Highly sensitive Australian court data accessed by foreign entity based in India
Highly sensitive Australian court files have been accessed by foreign actors in breach of the Federal and Commonwealth Law contractual obligations, an ABC investigation can reveal.

Claim 07-Feb-26 AU WA
[Unconfirmed] Ransomware group claims to have breached West Australian online retailer ETTO Australia
Clop ransomware group have claimed to have breached ETTO Australia. No information can be located in support of the claim.

Claim 07-Feb-26 AU VIC
[Unconfirmed] Ransomware group Clop has claimed to have breached an Australian environmental consultancy firm.
“Ransomware group Clop declared responsibility for a cyberattack on an environmental consultancy firm,
MRA Consulting Group. The group has threatened to release sensitive data to the public unless their demands are met. No evidence has been presented on the breach.”

Claim 07-Feb-26 AU WA
[Unconfirmed] Clop Ransomware Targets Podiatry WA in Australia
The claimed data breach at Podiatry WA, a professional association for podiatrists, was reported by the CL0P ransomware gang. No evidence has been presented.

Claim 07-Feb-26 AU WA
[Unconfirmed] Clop Ransomware Attack on RMW Group in Western Australia
Ransomware group Clop have claimed to have breached hospitality group RMW Hospitality. No evidence has been presented.

Claim 07-Feb-26 AU WA
[Unconfirmed] Clop ransomware group claims to have breached a Western Australian financial advisor.
The notorious ransomware group Clop claimed responsibility for a cyberattack against the West Australian-based Ventnor Equities & Advisory. Clop announced an intention to leak sensitive data unless its demands are met. No evidence has been presented.

Claim 07-Feb-26 AU VIC
[Unconfirmed] Clop Ransomware Strikes Roberts Designs in Australia
notorious ransomware group Clop claimed responsibility for a cyberattack against Roberts Designs Pty Ltd (robertsdesigns.com.au), a Victorian design firm. The attackers have threatened to release sensitive data unless their demands are met.

Claim 07-Feb-26 AU VIC
[Unconfirmed] Ransomware group Clop has claimed to have breached Victorian construction group Skye Excavations.
The ransomware group Clop has targeted Skye Excavations, an Australian construction company, with a ransomware attack. The group has threatened to release sensitive data unless negotiations are initiated. No evidence has been presented.

Denied 05-Feb-26 AU VIC
Exclusive: Epworth HealthCare finds no evidence of data breach as hackers allege 920GB stolen in ransomware attack
Epworth HealthCare, which operates several locations throughout Melbourne and Geelong, has found itself at the centre of another alleged data breach after the 0APT ransomware group claimed to have stolen almost a terabyte of data.

Published 03-Feb-26 AU
Exclusive: Cl0p cyber extortion group targets Australian IT providers and clients
The Cl0p cyber extortion group has listed a raft of alleged Australian victims on its darknet leak site, listing nine companies linked to IT service providers,Whole IT and NextPhaze.

 


January 2026

Published 27-Jan-26 NZ
Exclusive: NZ poultry producer allegedly hacked by Cl0p
Brinks NZ, a chicken and poultry producer, has allegedly suffered a ransomware attack after hackers listed the group on their dark web leak site.

Confirmed 27-Jan-26 NZ
Exclusive: NZ law firm investigating cyber attack
Langley Twigg Law is investigating cyber a incident as the Anubis ransomware operation takes credit for a hack allegedly impacting confidential client data.

Published 19-Jan-26 AU VIC
Exclusive: Aussie estate agency declines comment following email compromise claims
With real estate scams on the rise, the email address of a Melbourne property firm, Jalin Realty, has sent suspicious links to a number of recipients.

Confirmed 15-Jan-26 AU VIC
All 1,700 Victorian government schools caught up in cyber attack, student data accessed
The Victorian Department of Education has confirmed a major data breach affecting all 1700+ government schools. Hackers accessed the names, emails, and encrypted passwords of current and former students, impacting potentially hundreds of thousands of individuals just weeks before the new school year.

Confirmed 14-Jan-26 AU QLD
14th January 2026 Cyber Update: Prosura Breach Exposes 300,000 Customers
Australian car rental insurer Prosura has suffered a major data breach, exposing the personal and policy information of an estimated 300,000 customers. Attackers are now selling the stolen data identity data on a public forum after the company reportedly failed to meet their demands.

Published 09-Jan-26 NZ
New details emerge on New Zealand Health record hack
New Zealand Health has announced that it will be further investigating the cyber security breach of Manage My Health, a website holding medical records for nearly 2 million New Zealanders.

Published 08-Jan-26 AU QLD
Exclusive: Qld doctor’s office allegedly hacked by brutal ransomware gang
Anubis ransomware gang, claims to have exfiltrated Ladley Family Doctors‘ data including names, gender, date of birth, address, phone numbers, mobile numbers, Medicare details, medical history, medication details, incident reports and more.

Confirmed 08-Jan-26 AU VIC
Exclusive: Victorian Catholic college suffers alleged cyber attack
Victorian Catholic college St Joseph’s College Echuca has allegedly been breached by anotorious threat actor Lynx with the group claiming to have encrypted and breached the organisation’s network

Confirmed 07-Jan-26 AU WA
Exclusive: Major Australian gold producer confirms cyber attack
ASX-listed gold producer Regis Resources has confirmed a cyber incident targeting its network, after hackers claimed to have breached the company.

Claim 05-Jan-26 AU WA
[Unconfirmed] West Australia statutory authority, South West Development Commission, breach claimed
“Ransomware group Lynx publicly claimed responsibility for a cyberattack against
South West Development Commission. The group has threatened to leak sensitive data unless the organisation initiates negotiations.”

 

Currently Updating ETA July 2026

 

2019

 

Last Update: 2019-11-19T15:43:40.614Z

11 Nov 2019: Incident: Two Sydney women charged over $500,000 BEC scam | iTnews
05 Nov 2019: Incident: Hobart man pleads guilty to stalking and controlling ex-girlfriend’s car with his computer | ABC News (Australia)
05 Nov 2019: Incident: Monash IVF patients receive bogus emails after ‘malicious cyber attack’ on fertility company | ABC News (Australia)
01 Nov 2019: Incident: Cyber criminals hack Perth Anaesthetic Group hospital and steal patients’ personal information in terrifying security breach | Daily Mail Australia
28 Oct 2019: Incident: Victorian man arrested over multiple DDoS attacks | iTnews
24 Oct 2019: Incident: Thousands of Optus mobile numbers mistakenly published in White Pages | Brisbane Times
24 Oct 2019: Incident: 7-Eleven fuel app data breach exposes users’ personal details | The Guardian
22 Oct 2019: Incident: Cyber scare shuts down hospital IT systems in rural north-east Victoria | Brisbane Times
17 Oct 2019: Incident: Doctor, patient details allegedly stolen in CSL Behring Australia espionage scandal | SMH
15 Oct 2019: Incident: ‘Lesson learnt’: Shane Watson caught in embarrassing X-rated photo hack | Yahoo Sports
07 Oct 2019: Incident: Prime Minister Scott Morrison’s office accidentally leaks talking points for MPs to journalists | ABC News (Australia)
01 Oct 2019: Incident: Commonwealth Superannuation Corporation investigating privacy breach after financial documents sent to ABC producer | ABC News (Australia)
01 Oct 2019: Incident: ‘Trusted inside access’: Sydney IT contractor arrested over Landmark White data breach | Brisbane Times
01 Oct 2019: Incident: Victorian hospitals targeted in ransomware cyber attack | ABC News (Australia)
19 Sep 2019: Incident: Millions of Australians’ sensitive medical images, data left openly accessible | iTnews
18 Sep 2019: Incident: ‘Detailed and graphic’: Clinic faxes patients’ highly sensitive medical histories to wrong number | SMH
16 Sep 2019: Incident: Online fraud syndicate – Woman arrested and millions allegedly siphoned | 9 News
09 Sep 2019: Incident: Data breach may affect 50,000 Australian university students using ‘Get’ app | The Guardian
03 Sep 2019: Incident: Australian Attorney-General Christian Porter’s office in privacy breach over draft religious discrimination bill email | The Australian
28 Aug 2019: Incident: TGI Fridays Delivers Customer Indigestion Over Data Exposure | Threatpost
21 Aug 2019: Incident: Aussie banks warn customers after fresh PayID data breach | iTnews
14 Aug 2019: Incident: Sensitive personal data of hundreds of visa applicants accidentally leaked in email mishap | ABC News Australia
14 Aug 2019: Incident: ‘Shocking’ myki privacy breach for millions of users in data release | ABC News (Australia)
09 Aug 2019: Incident: WA Officer David Snowball illegally accessed police computer to protect partner’s massage business | ABC News (Australia)
07 Aug 2019: Incident: TAFE NSW staff details stolen after computer systems allegedly hacked | 9News
06 Aug 2019: Incident: Thousands of Australian medical histories exposed in data breach | SMH
27 Jul 2019: Incident: Thieves steal laptops with 30 years of data from University of Western Australia | iTnews
25 Jul 2019: Incident: NAB reveals 13,000-person data breach at 6PM Friday | iTnews
25 Jul 2019: Incident: Brisbane based loss assessor Australian Accident Management Commercial (AAMC) hit by cyber breach | insuranceNEWS.com.au
03 Jul 2019: Incident: MYOB in payslip privacy bungle | iTnews
01 Jul 2019: Incident: Police officer facing computer hacking charges | ARN
27 Jun 2019: Incident: Sydney headquartered MEGT data breach exposed students passport details, education data | Computerworld
25 Jun 2019: Incident: Aussie ‘hacker’ jailed for unauthorised access and insider trading | ZDNet
22 Jun 2019: Incident: Electronic medical records locked down as cyber-hackers target hospitals | Nine News
20 Jun 2019: Incident: Geraldton’s Nagle Catholic College swept up in cyber attack targeting parent banking details | The West Australian
19 Jun 2019: Incident: Specsavers says Qld customers’ private medical information may have been compromised | ABC News (Australia)
18 Jun 2019: Incident: Fears customer details stolen in Geelong Port cyber attack | Infrastructure Magazine
17 Jun 2019: Incident: Australian Catholic University staff details stolen in fresh data breach | SMH
03 Jun 2019: Incident: ANU says ‘sophisticated operator’ stole data in new cyber breach | SMH
03 Jun 2019: Incident: Almost 100,000 Australians’ private details exposed in attack on Westpac’s PayID | SMH
31 May 2019: Incident: Aussie fashion e-tailer Princess Polly suffers data breach | iTnews
23 May 2019: Incident: Australian tech unicorn Canva suffers security breach | ZDNet
20 May 2019: Incident: Govt IT contractor charged over cryptocurrency mining – Security | iTnews
14 May 2019: Incident: Australian Defence Force investigating a potential data breach | 7 NEWS Australia
08 May 2019: Incident: Australian cyber lead impersonated in remote access scam | iTnews
23 Apr 2019: Incident: Australian Auto Trade Show Sparks International Incident | Auto Expert John Cadogan
15 Apr 2019: Incident: Australian TicTocTrack Smartwatch Flaws Can Be Abused to Track Kids | ThreatPost
13 Mar 2019: Incident: Sydney man charged over Netflix, Spotify credential-stuffing, stolen accounts | iTnews
13 Mar 2019: Incident: Credit cards cancelled as Kathmandu reveals online store hacked | iTnews
11 Feb 2019: Incident: Landmark White home loan details of 100,000 customers hacked in major data breach | Brisbane Times
07 Feb 2019: Incident: Cyber-security breach at Federal Parliament prompts security agency investigation | ABC News Australia
07 Feb 2019: Incident: Chinese national charged with downloading AMP customers’ personal documents | ABC News Australia
06 Feb 2019: Incident: Bunnings exposed staff performance database | iTnews
01 Feb 2019: Incident: Officer used police computer network to stalk dozens of potential Tinder dates | ABC News Australia
28 Jan 2019: Incident: Cyber security official downloaded animated child porn on secure network | SMH
22 Jan 2019: Incident: NSW Policeman sent intimate photos from arrested woman’s phone to other officers via Facebook | SMH
14 Jan 2019: Incident: AusTender becomes latest bait for phishers | iTnews
13 Jan 2019: Incident: Fisheries Qld blames bad update for password ‘fault’ | iTnews
11 Jan 2019: Incident: Yet another Qld cop charged with hacking, One of four to face charges since December | iTnews
08 Jan 2019: Incident: First National ‘dealing with authorities’ after reported information leak | ZDNet
07 Jan 2019: Incident: Hack spam sent via Australian hazard alert service | iTnews
02 Jan 2019: Incident: Victorian Government employees’ details stolen in data breach | ABC News (Australia)

 

2016

TGI Fridays Delivers Customer Indigestion Over Data Exposure | Threatpost

September
Millions of Australians’ sensitive medical images, data left openly accessible | iTnews
‘Detailed and graphic’: Clinic faxes patients’ highly sensitive medical histories to wrong number | SMH
Online fraud syndicate – Woman arrested and millions allegedly siphoned | 9 News
Data breach may affect 50,000 Australian university students using ‘Get’ app | The Guardian
Australian Attorney-General Christian Porter’s office in privacy breach over draft religious discrimination bill email | The Australian
August
Aussie banks warn customers after fresh PayID data breach | iTnews
Northern Territory School children’s data exposed to cyber security threats due to education department oversight | ABC Australia
Sensitive personal data of hundreds of visa applicants accidentally leaked in email mishap | ABC News Australia
‘Shocking’ myki privacy breach for millions of users in data release | ABC News (Australia)
WA Officer David Snowball illegally accessed police computer to protect partner’s massage business | ABC News (Australia)
TAFE NSW staff details stolen after computer systems allegedly hacked | 9News
Thousands of Australian medical histories exposed in data breach | SMH
July
Thieves steal laptops with 30 years of data from University of Western Australia | iTnews
NAB reveals 13,000-person data breach at 6PM Friday | iTnews
MYOB in payslip privacy bungle | iTnews
Australia Post told to improve cyber security practices | iTnews
Police officer facing computer hacking charges | ARN
June
Sydney headquartered MEGT data breach exposed students passport details, education data | Computerworld
Aussie ‘hacker’ jailed for unauthorised access and insider trading | ZDNet
CBA to ‘substantially’ overhaul privacy under OAIC undertaking | iTnews
NSW unis facing significant cyber risks | Technology Decisions
Electronic medical records locked down as cyber-hackers target hospitals | Nine News
Geraldton’s Nagle Catholic College swept up in cyber attack targeting parent banking details | The West Australian
Specsavers says Qld customers’ private medical information may have been compromised | ABC News (Australia)
Fears customer details stolen in Geelong Port cyber attack | Infrastructure Magazine
Australian Catholic University staff details stolen in fresh data breach | SMH
ANU says ‘sophisticated operator’ stole data in new cyber breach | SMH
Almost 100,000 Australians’ private details exposed in attack on Westpac’s PayID | SMH
Aussie fashion e-tailer Princess Polly suffers data breach | iTnews
May
Australian tech unicorn Canva suffers security breach | ZDNet
Govt IT contractor charged over cryptocurrency mining – Security | iTnews
Vic public health ‘highly vulnerable’ to Singapore-like data breach | iTnews
Australian Defence Force investigating a potential data breach | 7 NEWS Australia
WA guns database sprayed over integrity issues | iTnews
Australian cyber lead impersonated in remote access scam | iTnews
April
Australian Auto Trade Show Sparks International Incident | Auto Expert John Cadogan
Australian TicTocTrack Smartwatch Flaws Can Be Abused to Track Kids | ThreatPost
March
Sydney man charged over Netflix, Spotify credential-stuffing, stolen accounts | iTnews
Credit cards cancelled as Kathmandu reveals online store hacked | iTnews
February
Landmark White home loan details of 100,000 customers hacked in major data breach | Brisbane Times
Cyber-security breach at Federal Parliament prompts security agency investigation | ABC News Australia
Chinese national charged with downloading AMP customers’ personal documents | ABC News Australia
Bunnings exposed staff performance database | iTnews
Officer used police computer network to stalk dozens of potential Tinder dates | ABC News Australia
January
Cyber security official downloaded animated child porn on secure network | SMH
NSW Policeman sent intimate photos from arrested woman’s phone to other officers via Facebook | SMH
AusTender becomes latest bait for phishers | iTnews
Fisheries Qld blames bad update for password ‘fault’ | iTnews
Yet another Qld cop charged with hacking, One of four to face charges since December | iTnews
First National ‘dealing with authorities’ after reported information leak | ZDNet
Hack spam sent via Australian hazard alert service | iTnews
Victorian Government employees’ details stolen in data breach | ABC News (Australia)

 

If you believe any information in this post is inaccurate or incomplete, please contact us so the matter can be reviewed. Parties with additional relevant information relating to the incident are also invited to get in touch.

Please follow the Source link to the original article to support the content owner. We only provide a brief summary with metadata to assist in categorisation.

More Australian News

Unfolding in real time: Artificial intelligence is reshaping cybersecurity

Key takeaways The cybersecurity capability of next-generation frontier artificial intelligence (AI) models is increasing rapidly. Large language … [...]

NSW Government Bulletin: Managing employee social media content in the public sector

Over recent years, the increase in social media activity across different platforms has facilitated opportunities for employees to comment on a broad … [...]

Australia: Pixel Perfect – The regulator addresses use of tracking pixels

On 11 June 2026, the Office of the Australian Information Commissioner (OAIC) published two determinations against Medmate Australia Pty Ltd (Medmate) … [...]

Discover how modern corporate investigations are shifting from email to chat and encrypted apps. Learn essential strategies for defensible forensic… [...]

Australian Cyber Aware - As It Was 2606 - June 2026

This monthly review provides a curated summary of Australian and New Zealand cyber, privacy, and information security developments identified during … [...]

Key Trends in Cyber Security and Data Privacy (2026): a General Counsel lens - Governance Institute of Australia

Cyber security and data privacy are now core governance tests – demanding clear decision-making authority, disciplined escalation and evidence that … [...]

OAIC ordered to turn over Amex privacy determination in full

Australia’s privacy watchdog has been told to turn over full details of an investigation into American Express that uncovered security and access … [...]

How to stay cyber secure: Australia’s top cyber agency releases Privileged User Training video series

The new training series offers a pathway for IT professionals to strengthen their cyber security skills and better understand cyber criminal … [...]

NSW Rural Fire Service admits security incident

The NSW Rural Fire Service (RFS) is investigating a cybersecurity incident after a hacker gained access to its information and communications … [...]

Scams surge as cybercrime falls

Cybercrime declined in Australia last year, but fraud and scams bucked the trend and victims have given up complaining, the Australian Institute of … [...]

Generation Life confirms customers impacted in April cyber incident

Aussie investment firm Generation Life has confirmed that customer data was impacted in a cyber attack it suffered back in April. • Fri, 26 Jun 2026 • … [...]

In wake of KPMG scandal, government considers splitting accounting firms' auditing and consulting arms

Accounting firms could be asked to split their lucrative consulting services from their audit functions and individual firm partners could face far … [...]

Shares
Share This