2024 Data Breach lists
The Complete List of Data Breaches in Australia
January 2024
February 2024
March 2024
April 2024
May 2024
June 2024
July 2024
August 2024
September 2024
October 2024
November 2024
December 2024
January 2024
| No | Affected Company | Industries | Data breach Details | Threat Actor |
|---|---|---|---|---|
| 1 | Eagers Automotive | Automotive, Retail | Potential exposure of customer and employee data, IT system disruptions | Unknown hackers |
| 2 | Yakult Australia | Beverage, Food Manufacturing | 95GB of data leaked, potential exposure of sensitive information | DragonForce |
| 3 | Court Services Victoria (CSV) | Legal, Government | Unauthorized access to court hearing recordings, disruption of in-court technology | Qilin ransomware gang (Russia-based) |
| 4 | Inspiring Vacations | Travel, Tourism | Exposed 26.8GB of customer data, including passport images, visa certificates, and partial credit card numbers | Misconfiguration (no evidence of malicious actor involvement yet) |
| 5 | The Iconic | E-commerce, Retail | Customer accounts hacked, fraudulent purchases made, financial losses reported | Credential stuffing attack by unknown hackers |
| 6 | The Iconic, Binge, Dan Murphy’s, Event Cinemas, Guzman y Gomez | E-commerce, Streaming, Retail, Entertainment, Hospitality | Customer accounts compromised, unauthorized purchases, potential financial losses | Credential stuffing attack by unknown hackers |
| 7 | Hal Leonard Australia | Print music, Publishing | 37.6GB of internal data leaked, including financial documents, emails, and employee details | Qilin ransomware gang |
| 8 | Quantum Radiology | Healthcare, Radiology | Patient and employee data, including Medicare numbers, image scans, reports, and financial details, were encrypted and accessed | Unidentified hackers |
| 9 | Multiple, including LinkedIn, Adobe, Twitter, Tencent, Weibo, and more | Technology, Social Media, Entertainment, Government | 26 billion records leaked, including personal and sensitive data, leading to risks of identity theft, phishing, and credential stuffing | Unknown, likely a data broker or threat actor |
February 2024
| No | Affected Company | Industries | Data breach Details | Threat Actor |
|---|---|---|---|---|
| 1 | Football Australia | Sports, Entertainment | Exposed AWS keys led to leaked personal details of ticket buyers, player contracts, internal infrastructure details, and source code | Likely caused by human error |
| 2 | Central Coast Council | Government, Public Services | Cyber attack targeted payment system, compromising cardholder information across Australia | Unknown threat actor |
| 3 | Europcar | Car Rental | Alleged theft of personal customer data, later denied as fake | Hacker named “lean” on BreachForums (claiming data theft) |
| 4 | Cloudflare | Cybersecurity | Accessed internal systems, documentation, and limited source code using old credentials | Nation-state threat actor |
| 5 | Elite Supplements | Supplement/Health | Customer names, shipping addresses, email addresses, and phone numbers compromised | Unknown threat actor (possible ransomware attack) |
| 6 | AnyDesk | Remote desktop software, Technology | Access to source code and private code signing keys | Unknown hackers (not a ransomware attack) |
| 7 | Australian Human Resources Institute (AHRI) | Human Resources | Malware installed, potential fake browser updates | Unidentified threat actor via website provider |
| 8 | Kadac Australia | Organic and Health Products | Customer and business data leaked, including personal and financial details | Medusa ransomware group |
| 9 | Tangerine Telecom | Telecommunications | Personal data of 232,000 customers, including names, contact details, and account numbers, was accessed | Unknown party exploiting contractor’s credentials |
| 10 | Microsoft Azure | Cloud computing and technology | Compromised 100 of executive accounts, granting access to data and resources at multiple levels | Threat actors possibly originating from Russia and/or Nigeria |
| 11 | Microsoft | Technology, software, cloud computing | No data breach mentioned; vulnerabilities patched include security feature bypasses and remote code execution flaws | Not specified; two vulnerabilities under active exploitation by unidentified attackers |
| 12 | Multiple companies (e.g., Adobe, MyFitnessPal, Canva, Zynga) | Various (e.g., technology, fitness, design, gaming) | Compilation of 25 million Australians personal details from multiple previous breaches | Seller named JasperOliverx, offering the compiled data on a hacking forum |
| 13 | Epic Games | Video game development and distribution | Alleged theft of 189 GB of internal data, including emails, passwords, payment information, and source code | Mogilevich ransomware gang |
March 2024
| No | Affected Company | Industries | Data breach Details | Threat Actor |
|---|---|---|---|---|
| 1 | Unnamed cloud-based hosting service (“hvd.host”) | Various (textiles, employment services, healthcare, hospitality) | 700 GB of data stolen,including passports, driver’s licenses, and sensitive company information | Black Basta ransomware gang |
| 2 | GaP Solutions | Retail software | Unauthorized access to internal data systems, extent unknown | LockBit ransomware gang |
| 3 | Nissan (including Mitsubishi, Renault, Skyline, Infiniti, LDV and RAM branded finance businesses) | Automotive and Financial Services | Compromised government IDs and personal information of up to 100,000 A/NZ customers | Unspecified (referred to as a “cyber incident”) |
| 4 | American Express | Financial services, banking | Potential exposure of customer account numbers, names, and card information | Unauthorised access to a third-party service provider’s system (identity not disclosed) |
| 5 | Multiple (Top 5 sectors: health service providers, finance, insurance, retail, and Australian Government) | Various (health, finance, insurance, retail, government) | 483 eligible data breach notifications, with 65% affecting 100 or fewer individuals | Malicious actors (67% of breaches), human error (39%), system fault (3%) |
| 6 | McDonald’s | Fast food | Global outage affecting restaurants, reportedly due to a configuration change with a third-party payment processor, but no data breach confirmed. | McDonald’s denies a cyber attack and attributes the outage to a “technology outage” related to a third-party provider |
| 7 | International Monetary Fund (IMF) | Financial services (international finance) | Compromised 11 email accounts, potential data exfiltration (details not disclosed) | Unspecified threat actors (identity not disclosed) |
| 8 | Fujitsu | Technology (global IT services and solutions) | Potential theft of personal and customer information from affected systems | Unspecified hackers (via malware) |
| 9 | VF Corporation (Vans, Timberland, The North Face) | Retail (apparel, footwear) | Stolen customer data including email addresses, phone numbers, names, addresses, order history, and payment method information affecting 35.5 million customers | ALPHV ransomware group (also known as BlackCat) |
April 2024
| No | Affected Company | Industries | Data breach Details | Threat Actor |
|---|---|---|---|---|
| 1 | Aussizz Group | Immigration and education consultancy | Alleged exfiltration of 278.91 GB of sensitive data, potentially including visa and citizenship application details | DragonForce ransomware gang |
| 2 | MotorCycle Holdings | Motorcycle distribution | Exposure of customer personal information (names, addresses, emails, phone numbers) from Sherco and Lambretta websites | Unknown threat actor |
| 3 | Diabetes WA | Healthcare | Unauthorized access to personal data of contacts, including names, dates of birth, addresses, email addresses, phone numbers, Medicare numbers, type of diabetes, marital status, Indigenous status, and referring doctor | An unauthorized third party |
| 4 | Roku | Streaming services | Unauthorized access to 576,000 accounts, with fewer than 400 cases of fraudulent purchases | Attackers using credential stuffing methods |
| 5 | BHF Couriers | Courier services | Alleged breach of 12GB of data, including addresses, phone numbers, partial credit card data, and invoices; company claims it is old data from 2009 and encrypted. | Hacker known as Okhotnik. |
| 6 | Telstra (Opticomm network) | Telecommunications | Leak of personal data (names, email addresses, phone numbers) of approximately 3,000 Telstra customers; most of the dataset contained dummy data | Hacker using the alias “abyss0” |
| 7 | Pandemonium Rocks music festival | Entertainment (music festivals) | Personal details of about 400 ticket holders exposed, including names, bank details, phone numbers, and email addresses | Event organizers (due to a clerical error) |
| 8 | DJI | Drone manufacturing | Alleged theft of customer data including order details, personal information, and payment methods; DJI denies any breach occurred | R00TK1T ransomware gang |
| 9 | Smoke Alarm Solutions | Fire and Security Alarm Installation Services | Exposure of 762,856 documents (107 GB) containing customer information, including invoices, inspection records, and personal details | Unprotected database discovered by cybersecurity researcher Jeremiah Fowler |
| 10 | OracleCMS | Call center services | Leak of over 60GB of data including personal details of thousands of individuals and information from more than a dozen local councils | LockBit ransomware gang |
| 11 | Aussizz Group | Migration and education services | Potential theft and publication of company data, including possible personal information of clients | Cybercriminals |
| 12 | Ambulance Victoria | Healthcare and emergency services | Exposure of paramedics’ mobile numbers, rostering status, and other private information on an intranet page | Internal error (negligence in securing intranet access) |
| 13 | Mt Hira College | Education | Leak of sensitive student data, including names, student IDs, classes, email addresses, and unencrypted passwords of approximately 750 students | Hacker using the alias |
| 14 | SSS Australia | Healthcare supplies distribution | Leak of 67.1 GB of data including 60,225 files with customer sales files, invoices, and marketing material | Hunters International ransomware gang |
May 2024
| No | Affected Company | Industries | Data breach Details | Threat Actor |
|---|---|---|---|---|
| 1 | Qantas | Aviation | Users could access other customers’ booking information, account details, and make changes to their flights | Technical issue caused by recent system changes, not a cyber attack |
| 2 | Multiple companies, including Cutout.Pro and Pandabuy | Various online services | 1.8 million Australian user accounts compromised in Q1 2024, exposing emails, passwords, and financial information | Not specified |
| 3 | Outabox (IT provider for NSW clubs) | Hospitality (licensed clubs) | Personal information of over 1 million NSW club customers exposed, including drivers license details and club membership information | A 46-year-old man from Fairfield West arrested in connection with the breach |
| 4 | ZircoDATA | Data management and record storage | 395 gigabytes of sensitive data exposed, including historical records from family violence and sexual assault support units | Black Basta ransomware gang |
| 5 | Dell | Computer hardware manufacturing | Customer names, addresses, hardware purchase details, warranty information, and service tags of up to 49 million customers exposed | A hacker known as Menelik |
| 6 | Sumo Energy | Energy and internet services | Customer names, addresses, dates of birth, phone numbers, credit scores, passport details, Medicare numbers, and driver’s license information compromised | An “unknown person” via a third-party file storage application hack |
| 7 | MediSecure | Healthcare | Large-scale ransomware attack and data breach affecting personal and health information of individuals | Unknown (no threat actor has claimed responsibility yet) |
| 8 | Western Sydney University (WSU) | Higher education | Unauthorized access to student information including personal details, academic records, and contact information of at least 7,500 individuals | Unidentified threat actor |
| 9 | MediSecure | Healthcare (e-prescription services) | Personal and health information of 12.9 million Australians exposed, including names, dates of birth, addresses, healthcare identifiers, Medicare numbers, and prescription details | Unidentified threat actor (ransomware attack) |
| 10 | OracleCMS | Call center services | Names, contact details, dates of birth, and summary of Nissan’s original breach information exposed | LockBit ransomware gang |
| 11 | Advance Press | Printing | Alleged theft of 300GB of data including employment contracts, résumés, insurance documents, expenses, budgets, and profit/loss margins | Ransom House extortion group |
| 12 | Ticketmaster and Live Nation | Entertainment and event ticketing | Alleged theft of 1.3 terabytes of data containing personal and financial information of 560 million customers | ShinyHunters hacking group |
| 13 | Shell | Oil and gas | 80,000 rows of customer data from multiple countries exposed, including personal and loyalty program information | Threat actor known as “888” |
| 14 | Ticketek Australia | Ticketing and event management | Customer names, dates of birth, and email addresses potentially exposed from a third-party cloud platform | Unspecified; incident described as a “cyber incident” affecting a third-party cloud provider |
June 2024
| No | Affected Company | Industries | Data breach Details | Threat Actor |
|---|---|---|---|---|
| 1 | Northern Minerals | Rare-earth metals, mining | Exfiltrated operational, financial, personal, and strategic data | Bian Lian ransomware gang |
| 2 | Panasonic Australia | Consumer electronics, technology | No confirmed data breach; Akira claims to have stolen project and confidential agreement data | Akira ransomware gang |
| 3 | Victorian Freight Specialists | Logistics, freight transportation | 846GB of corporate, accounting, sales, customer, agent, and freight databases allegedly stolen | GhostR hacking group |
| 4 | Patties Foods | Food services, consumer goods | No confirmed breach; a third-party data exposure with no evidence of malicious access | No known threat actor; data exposure linked to Provenio.ai’s third-party service |
| 5 | City of Moreton Bay Council | Government, public services | Accidental exposure of ratepayer names, phone numbers, addresses, emails, and complaints online | No known threat actor; caused by a third-party provider’s system issue |
| 6 | Legrand CRM | CRM software, technology | Unknown; ransomware gang claims attack, but data theft is unclear | Hunters International ransomware gang |
| 7 | Iluka Resources (recent attack), Northern Minerals (previous attack) | Rare-earth minerals, mining | Iluka Resources faced a DoS attack with no data breach; Northern Minerals suffered ransomware with stolen operational, financial, R&D, and employee data | Iluka Resources attacker unknown; Northern Minerals attacked by Bian Lian ransomware gang |
| 8 | Victoria Racing Club (VRC) | Horse racing, gaming, entertainment | 128.1GB of data stolen, including financial details, customer invoices, marketing data, and personal information | Medusa ransomware gang |
| 9 | North Coast Petroleum | Fuel distribution | 71.5GB of data stolen, including invoices, driver’s licence scans, passport details, and bank account details | Medusa ransomware gang |
| 10 | Victorian government departments | Government | Supplier bank details altered in a central database due to cyber attacks | Unknown hackersHey You |
| 11 | Hey You | Food & Beverage, Technology | Personal details of over 100,000 customers leaked, including emails, passwords, names, and phone numbers | |
| 12 | Levi Strauss & Co (Levi’s) | Fashion, Retail | 72,000 customer accounts affected, with potential exposure of personal and financial details | Unknown threat actors using a credential stuffing attack |
| 13 | TeamViewer | Technology, Remote Access Software | Suspicious activity detected, no customer data or product environment affected | APT29 (Cozy Bear), a Russian APT group |
| 14 | Evolve Bank & Trust | Banking, Financial Technology | Stolen personal identification information (PII), including name, SSN, birthdate, and account information | LockBit ransomware gang |
July 2024
| No | Affected Company | Industries | Data breach Details | Threat Actor |
|---|---|---|---|---|
| 1 | Harry Perkins Institute of Medical Research | Healthcare, Medical Research | Leaked 4.6TB of internal video camera footage | Medusa ransomware gang |
| 2 | Optimum Allied Health (OAH) | Healthcare | Compromise of personal information, including Australian and foreign passports | Unknown attackers (cyber incident) |
| 3 | MediSecure | Healthcare | Exposure of prescription information of 12.9 million Australians | Unknown attackers (ransomware gang) |
| 4 | Royal Brighton Yacht Club (RBYC) | Leisure (Yacht Club) | Exposure of personal data, financial information, and internal documents of members and employees | Medusa ransomware gang |
| 5 | Roblox (via FNTech vendor) | Online gaming | Exposure of registered names, emails, and IP addresses of conference attendees | Unknown threat actor (via FNTech vendor) |
| 6 | City of Ballarat (via OracleCMS third-party service) | Local government services | Exposure of first names, last names, addresses, and phone numbers of 52 residents | OracleCMS (third-party service provider) |
| 7 | Healthed | Healthcare education | Exposure of names, addresses, postal addresses, and mobile phone numbers of seminar participants | Third-party contractor |
| 8 | Wattle Range Council | Local government | Theft of 40,000+ files, including sensitive documents like tax invoices, rate notices, and credit card numbers | LockBit ransomware gang |
| 9 | Insula Group | IT services, construction, finance | Stolen 400GB of data, including client data, internal documents, and company source code | BianLian ransomware gang |
August 2024
| No | Affected Company | Industries | Data breach Details | Threat Actor |
|---|---|---|---|---|
| 1 | Kempe Engineering | Engineering (recycling, oil and gas, power generation, rail) | Stolen 4TB of data, including financial records, customer data, staff personal details, and proprietary business information | RansomHub ransomware gang |
| 2 | Hudson Civil Engineering | Civil construction, infrastructure, mining, building, irrigation, water/wastewater | Stolen 112 gigabytes of data (no details provided on the nature of the data) | RansomHub ransomware gang |
| 3 | FlightAware | Aviation, flight tracking, aerospace | Exposed personal information including user IDs, passwords, contact details, flight activity, and more | Configuration error, no malicious actor identified |
| 4 | Adreno | Retail (Dive Equipment) | Exposed personal data of 536,000 customers, including names, emails, phone numbers, addresses, and loyalty program details | A hacker known as “worry” |
| 5 | Engedi | Disability support (NDIS provider) | Exposed staff data, including passport scans, identity documents, and a credit card scan | Rhysida ransomware gang |
| 6 | Myelec Electrical Wholesalers | Electrical wholesaling | Names, email addresses, confidential business information, and other personal details potentially compromised | Lynx ransomware gang |
| 7 | Meli | Community support services, childcare, foster care | 419,617 files totalling 215 gigabytes of data stolen, including financial statements, confidentiality agreements, and personal identification documents | Qilin ransomware gang |
| 8 | Regent Caravans | Luxury caravan manufacturing and dealership | 30 gigabytes of data stolen, including CAD files, ordering details, employee ID card photos, HR information, and some financial data | RansomHub ransomware gang |
September 2024
| No | Affected Company | Industries | Data breach Details | Threat Actor |
|---|---|---|---|---|
| 1 | Australian Cancer Research Foundation (ACRF) | Charity, cancer research | Unauthorized access to network and email inboxes, potentially exposing donor personal information, contact details, donation histories, and possibly bank and credit card details | A malicious actor via a compromised email account |
| 2 | Swinburne University of Technology Sarawak Campus | Higher education | 366 gigabytes of data stolen, including passport scans, student data, invoices, bank account details, and personal information | RansomHub ransomware gang |
| 3 | White Mountain Backpacks | Backpack manufacturing and retail | 20 documents stolen, including trust account statements, receipts, signed documents, and spreadsheets | Rhysida ransomware gang |
| 4 | Protecta Australia | Flooring and service protection | Customer database containing data of 74,373 customers allegedly exfiltrated | Threat actor known as “agreindex” |
| 5 | Avis | Car rental | Customer names and other sensitive data exfiltrated, affecting 299,006 customers | Unknown threat actors |
| 6 | BSG Australia | Bingo and fundraising supplies, hospitality | 79 gigabytes of data stolen, including bank statements, pay rates, pricing documents, and a passport scan | RansomHub ransomware gang |
| 7 | Fortinet | Cybersecurity | Limited data of a small number of customers accessed through a third-party cloud-based shared file drive | An unidentified individual threat actor |
| 8 | Power Diary | Healthcare practice management software | Spam emails sent to patients appearing to come from their healthcare providersUnauthorized hackers | Unauthorized hackers |
| 9 | Compass Group Australia | Food and support services | 785.5 gigabytes of data stolen, including wage declarations, passport scans, driver’s licenses, and internal documents | Medusa ransomware gang |
| 10 | Total Tools | Hardware and tool retail | Data of 38,000 customers compromised, including names, log-on details, email addresses, and credit card information | Unspecified cyber attackers |
| 11 | Temu | E-commerce, digital marketplace | No actual breach occurred; claims were false | A threat actor named “smokinthashit” made false claims |
| 12 | Dell | Technology, computer hardware and software | Employee data of 10,800 employees leaked, including IDs, names, status; 3.5GB of internal data compromised in second breach | Threat actors “grep” and “Chucky” |
| 13 | Nikpol | Interior solutions, hardware, decorative surfaces, and appliances for renovation, RV, and building industries | 6 gigabytes of data stolen, including employee personal information, financial documents, and contracts | RansomHub ransomware gang |
| 14 | digiDirect | Consumer electronics and computing retail | 304,000 customer records stolen, including names, emails, phone numbers, addresses, and other personal information | Threat actors “Tanaka” and “Chucky” |
| 15 | I-MED | Medical imaging | Tens of thousands of patient files exposed, including medical reports, scan images, names, addresses, and other personal information | An anonymous intruder using credential stuffing attack |
| 16 | Fortinet | Cybersecurity | Unauthorized access to a small number of files in third-party cloud storage, affecting less than 0.3% of customers | A threat actor identified as “Fortibitch” |
October 2024
| No | Affected Company | Industries | Data breach Details | Threat Actor |
|---|---|---|---|---|
| 1 | Deloitte | Consulting, professional services | Internal communications, email addresses, and intranet user data allegedly leaked, but no client data compromised | IntelBroker, leader of the CyberN—–s ransomware gang |
| 2 | Funlab | Entertainment | Limited employee data accessed, no guest data compromised | Lynx ransomware gang |
| 3 | Road Distribution Services | Transport and logistics | Internal documents, employee medical information, and client data stolen | Sarcoma ransomware gang |
| 4 | Qantas | Aviation, airline | Passport data of nearly 1000 customers potentially compromised, frequent flyer points stolen from over 800 bookings | Two rogue employees of India SATS, a third-party ground handler for Qantas in India |
| 5 | Perfection Fresh | Fresh produce | 690 gigabytes of data stolen, including internal and confidential documents | Sarcoma ransomware gang |
| 6 | The Plastic Bag Company | Manufacturing (plastic bags) | 3.6 gigabytes of data stolen, including tax returns, wage details, insurance documents, and passport scans | Sarcoma ransomware gang |
| 7 | Internet Archive | Digital library and web archiving | 31 million user records exposed, including email addresses, screen names, and bcrypt password hashes | Unknown threat actors, with Russia-based group SN_BLACKMETA claiming responsibility for DDoS attacks |
| 8 | MoneyGram | Money transfer and financial services | Customer personal information and transaction data stolen, including names, contact details, identification numbers, and financial information | An unauthorized third party (specific threat actor not identified) |
| 9 | Western Sydney UniversityHigher education | Higher education | Personal data of students accessed, including names, addresses, email addresses, student IDs, tuition information, admission and enrollment data, and demographic details | Unknown sophisticated threat actor |
| 10 | Meshworks | Steel fabrication | 8 gigabytes of data stolen, including business documents, supplier information, leave hours, and financial detailsSarcoma ransomware gang | Sarcoma ransomware gang |
| 11 | Internet Archive | Digital library and web archiving | 31,081,179 user records exposed, including email addresses, screen names, and bcrypt password hashes | Unknown threat actors for data breach; Russia-based group SN_BLACKMETA claiming responsibility for DDoS attacks |
| 12 | Indonesia’s Immigration department | Government, travel and tourism | Passport details and personal information of Australian travelers exposed to strangers due to e-visa system glitch | Not a deliberate attack; caused by a technical glitch in Indonesia’s electronic visa system |
| 13 | The Plastic Bag Company | Manufacturing (plastic bags) | 3.6 gigabytes of data stolen, including tax returns, wage details, insurance documents, and passport scans | Sarcoma ransomware gang |
| 14 | Cisco | Technology, networking hardware and software | Large amounts of data allegedly stolen, including source code, credentials, and confidential documents of Cisco and its customers | Threat actor IntelBroker |
| 15 | Ultra Tune | Automotive services and roadside assistance | 3 gigabytes of sensitive data stolen, including employee records, customer contact information, driver’s licenses, passports, and medical certificates | Fog ransomware group |
| 16 | IBM | Technology and consulting | 17,500 rows of employee data allegedly accessed, including names, mobile numbers, and country codes | Threat actor known as “888” |
November 2024
| No | Affected Company | Industries | Data breach Details | Threat Actor |
|---|---|---|---|---|
| 1 | Australian Nursing Home Foundation | Aged care, community care | 1.5 terabytes of uncompressed data allegedly stolen | Abyss ransomware gang |
| 2 | ANU Enterprise (ANUE) | Higher education, research commercialization | Encryption and exfiltration of files from ANUE IT systems | ThreeAM ransomware gang |
| 3 | Nokia | Telecommunications, consumer electronics | Source code, SSH keys, RSA keys, Bitbucket logins, SMTP accounts, and credentials allegedly stolen from a third-party contractor | IntelBroker, leader of the CyberN—–s threat group |
| 4 | Goodline | Engineering, construction, and maintenance services | 600 gigabytes of back-end data exfiltrated, no personal data of employees or clients compromisedRansomHub threat group | RansomHub threat group |
| 5 | Cisco | Technology, networking hardware and software | Data from a public-facing DevHub environment, including source code, credentials, and confidential files, was exfiltrated | IntelBroker, leader of the CyberN—–s threat group |
| 6 | Schneider Electric | Energy management and industrial automation | 40GB of compressed data stolen, including 400,000 rows of user data, email addresses, and JIRA account information | HELLCAT ransomware gang (associated with threat actor “greppy”) |
| 7 | Followmont Transport | Transport and logistics | 230 gigabytes of data allegedly stolen, including NDAs, passports, driver licenses, medical documents, and financial information | Akira ransomware gang |
| 8 | JewishCare NSW | Healthcare | Comprehensive data breach affecting clients, staff, volunteers, donors, and suppliers, with sensitive personal, financial, and medical information compromised | Unknown threat actor |
| 9 | Micon Office National | Office furniture supplier | 34 gigabytes of data exfiltrated, including files, SQL databases, and emails from an Exchange server | Sarcoma ransomware gang |
| 10 | ADT Freight Services | Transportation, logistics, and customs services | 2 gigabytes of SQL files stolen | Sarcoma ransomware gang |
| 11 | Waive | RegTech, ASIC compliance services | 30 gigabytes of data exfiltrated, including client personal and financial information | RansomHub ransomware gang |
| 12 | Snow Brand Australia | Dairy supplier | 24 gigabytes of data stolen, including financial records, employee information, and business partner details | SafePay ransomware gang |
| 13 | Telstra | Telecommunications | Data of 47,300 employees stolen, including names, email addresses, physical addresses, and work-related details | Threat actor “UnicornLover67” |
| 14 | Finsure | Mortgage broking | 296,124 email addresses, names, phone numbers, and physical addresses exposed | A cyber security researcher accessed data via compromised credentials on a third-party platform (ActivePipe) |
| 15 | Coroners Court of Victoria and Tasmanian Chamber of Commerce and Industry | Government agencies and various organizations | Website outages and denial-of-service attacks, no unauthorized access to systems or records reported | No Name ransomware gang |
| 16 | Multiple companies, including Amazon, HSBC, McDonald’s, and others | Technology, finance, retail, healthcare, and more | Employee data such as names, titles, phone numbers, email addresses, and role information leaked | Threat actor “Nam3L3ss” exploiting MOVEit vulnerability |
December 2024
| No | Affected Company | Industries | Data breach Details | Threat Actor |
|---|---|---|---|---|
| 1 | Nicholsons Solicitors | Legal services | At least 250 gigabytes of client data exposed, including correspondence, court documents, bank details, and property deeds | INC Ransom ransomware gang |
| 2 | Thanks For the Help (TFTH) | Educational support services | Unspecified amount of data exfiltrated, 1% already published | KillSec ransomware gang |
| 3 | Ainsworth Game Technology | Gaming machine manufacturing | 852.4 gigabytes of data stolen, including business documents, employee information, and confidential data | Medusa ransomware group |
| 4 | Waverley Christian College | Education | 5 gigabytes of data stolen,including financial documents, insurance information, and internal correspondence | Fog ransomware group |
| 5 | WACER and Fresh Produce Safety Centre Australia & New Zealand | Commercial cleaning and food safety | Less than 20 megabytes of data leaked, mostly publicly available information | Funksec ransomware gang |