2025 Data Breach lists
The Complete List of Data Breaches in Australia
January 2025
February 2025
March 2025
April 2025
May 2025
June 2025
July 2025
August 2025
Sep 2025
Oct 2025
Nov 2025
Dec 2025
January 2025
| No | Affected Company | Industries | Data breach Details | Threat Actor |
|---|---|---|---|---|
| 1 | MediSecure | Healthcare | Exposed personal and health information of 12.9 million Australians, including names, birth dates, addresses, Medicare numbers, and prescription details. | The exact perpetrator is unknown, but likely a sophisticated cybercriminal group using ransomware techniques. |
| 2 | Cyberhaven | Browser security and software development | Attackers hijacked authenticated sessions, exfiltrating sensitive company credentials from over 400,000 users. | Likely cybercriminals using an OAuth-based phishing attack to compromise Chrome Extensions. |
| 3 | Volkswagen (including Audi, Skoda, and Seat) | Automotive and technology | Exposed data of 800,000 EV owners, including names and precise vehicle geolocation. | A misconfiguration in Volkswagen’s software subsidiary, Cariad, left the data exposed (discovered by the Chaos Computer Club). |
| 4 | Evidn | Applied behavioral science and government consultancy | Hackers claim to have stolen 50GB of data, potentially affecting government and private sector clients. | Everest ransomware gang, a Russian-speaking cybercriminal group. |
| 5 | Spectrum Medical Imaging | Healthcare and medical imaging | Exfiltrated financial and customer data, including names and medical information | INC Ransom, a ransomware group |
| 6 | ARDEX Australia | Tiling, flooring, and waterproofing | Exfiltrated business documents, personal data, emails, and confidential information | Medusa ransomware gang |
| 7 | Austin’s Financial Solutions | Wealth management and financial services | 147GB of stolen data, including employee passports, payroll data, and contracts | Kairos ransomware gang |
| 8 | Globelink International | Freight forwarding | 22GB of stolen data, including company debtors, creditors, and internal documents | Qilin ransomware operation |
| 9 | DBG Health (including Arrotex Pharmaceuticals) | Pharmaceuticals, Healthcare | 2.5TB of stolen data, including patient information, employee details, and business plans | Morpheus ransomware gang |
| 10 | University of New South Wales (UNSW) School of Physics | Education | Cyber attack on website, no specific impact detailed | RipperSec hacking group |
| 11 | Novati Constructions | Construction | Stolen contracts, financial data, incidents, emails, and client correspondence | Lynx ransomware gang |
| 12 | Unique Cars and Parts | Automotive (Car Parts) | No specific details provided; website targeted | RipperSec hacking group |
| 13 | Muswellbrook Shire Council | Local government, mining, agriculture, equine, electricity production, and tourism | 175GB of stolen data including council correspondence, rate payments, and personal information of employees and residents | Ransomware gang SafePay, suspected to be Russian-speaking or based in Russia |
| 14 | Christian Community Aid (CCA) | Not-for-profit charity providing community support services. | Stolen data includes various file types (.jpg, .mp4, .xls, etc.), though the volume is unspecified. | Ransomware gang Space Bears, suspected to be based in Russia |
| 15 | JB Hi-Fi (falsely claimed) | Retail (home entertainment and technology). | No actual breach; the data sample matched a 2023 Dymocks incident. | Threat actor “LordAbe,” known for selling recycled public leaks |
| 16 | Clutch Industries. | Automotive manufacturing. | 350GB of stolen data, including employee records, business documents, financial information, shared user folders, engineering documents, and sales data. | Lynx ransomware group |
February 2025
| No | Affected Company | Industries | Data breach Details | Threat Actor |
|---|---|---|---|---|
| 1 | Natures Organics | Sustainable goods manufacturing (personal care and household products) | 142.85GB of stolen data, including passport and driver’s license scans, bank transaction histories, employee payslips, and internal communications | Medusa ransomware group |
| 2 | Regency Media (defunct since 2023) | Media production (discs, VHS, and audio cassettes) | 16GB of stolen data, including NDAs, driver’s licenses, passports, contact details, and financial data. | Akira ransomware group |
| 3 | Australian National University (ANU) | Education and research | Alleged theft of student and teacher data, but no evidence of an active ransomware threat was found | FSociety ransomware group |
| 4 | Albright Institute of Language and Business | Education (private training organization) | Stolen data includes passport scans, visa application documents, study offer letters, payment plans, and detailed student records (e.g., names, IDs, emails, results) | KillSec ransomware group |
| 5 | Brown and Hurley | Truck and trailer dealership | 170GB of stolen data, including HR documents, business contracts, customer data, and financial information | Lynx ransomware group |
| 6 | Genea Fertility | Healthcare (IVF and fertility services) | 940.7GB of stolen data, including personal and medical information such as names, Medicare numbers, medical histories, test results, and prescriptions | Termite ransomware group |
| 7 | Pound Road Medical Centre (PRMC) | Healthcare (medical services) | Stolen patient data, including Medicare and pension card details, medical records, personal information, and CCTV footage | Anubis ransomware group |
| 8 | Riverina Medical and Dental Aboriginal Corporation (RivMed) | Healthcare (Aboriginal and Torres Strait Islander services) | Potential access to personal and sensitive data; exact details under investigation | INC Ransom ransomware group |
March 2025
| No | Affected Company | Industries | Data breach Details | Threat Actor |
|---|---|---|---|---|
| 1 | Zurich Insurance Group | Insurance | Allegedly stolen 1,400 sensitive internal files, including financial documents, contracts, agreements, and communications. | Threat actor “Rey” |
| 2 | Wendy Wu Tours | Tourism and travel | Stolen data includes valid passport scans, pre-travel forms with personal details, emergency contacts, and frequent flyer numbers | KillSec ransomware group |
| 3 | Australian New Zealand Clinical Trials Registry (ANZCTR) | Medical research / Clinical trials | Cyberattack exposed user passwords and contact information; no health data compromised | Unknown / Not publicly identified |
| 4 | CI Scientific (rebranding as CISCAL) | Laboratory and industrial equipment supply, calibration services | 81GB of data including business contracts, financial, and HR information was allegedly stolen | Lynx ransomware gang |
| 5 | Brydens Lawyers | Legal services / Law firm | Over 600GB of case, client, and staff data was stolen during a ransomware attack in February 2025Unnamed foreign threat actor; no ransomware group has claimed responsibility yet | Unnamed foreign threat actor; no ransomware group has claimed responsibility yet |
| 6 | TFE Hotels Group | Hospitality / Hotel management | Cyberattack disrupted operations and may have impacted historical data, though no credit card details were stored | Unknown / No group has claimed responsibility yet |
| 7 | NSW Department of Communities and Justice (DCJ) | Government / Legal and Justice | Around 9,000 sensitive court files were unlawfully accessed via the NSW Online Registry websiteAn unidentified hacker who exploited the system using a Python script | An unidentified hacker who exploited the system using a Python script |
| 8 | Sydney Tools | Retail / Hardware and DIY supplies | Over 34 million customer records and 5,000 employee records were exposed due to an unprotected Clickhouse database | No confirmed threat actor |
| 9 | Vroom by YouX (formerly Drive IQ) | Financial Technology (Fintech) / Automotive Financing | 27,000 records including driver’s licenses, bank statements, and other PII were exposed via an unprotected AWS S3 database | No confirmed threat actor |
April 2025
| No | Affected Company | Industries | Data breach Details | Threat Actor |
|---|---|---|---|---|
| 1 | 13cabs | Transportation / Ride-hailing Services | User accounts were compromised, exposing usernames, addresses, phone numbers, and Taxi Subsidy Scheme eligibility | Unknown – no threat actor |
| 2 | Hexicor, an IT services firm based in Brisbane | IT services, cybersecurity, unified communications, and network services. | The KillSec ransomware gang attacked Hexicor, stealing data including client folders, Mitel MiCollab backups, hashed passwords, and other security data, and is offering to sell the stolen data. | KillSec, a ransomware group |
| 3 | Rest, HostPlus, Australian Retirement Trust, AustralianSuper | Superannuation and pension funds. | Hackers targeted superannuation funds, compromising thousands of user accounts, particularly those in the pension drawdown phase, and accessing personal data such as names, email addresses, and member numbers. | Cyber criminals using credential stuffing attacks, attempting fraud and targeting pensioner accounts for withdrawal manipulation. |
| 4 | Western Sydney University (WSU) | Higher education | Unauthorized access to current and former student accounts, compromising data such as enrolment, progression, demographic details, and tuition fee information. Approximately 10,000 students were impacted | Unspecified cybercriminals targeting WSU, with previous incidents also linked to the dark web |
| 5 | The Fullerton Hotels and Resorts | Hospitality | Ransomware attack leading to the exfiltration of 148 GB of data, including employee records, passports, driver’s licenses, credit card details, financial data, and more | Akira ransomware gang |
| 6 | Hertz | Car Rental | A vendor cyberattack led to the theft of Hertz customer names, dates of birth, contact information, driver’s licenses, payment card info, and some Social Security and government IDs | Clop ransomware gang |
May 2025
| No | Affected Company | Industries | Data breach Details | Threat Actor |
|---|---|---|---|---|
| 1 | Watkins Steel (Brisbane-based steel subcontractor) | Mining, building, and construction | 17GB of sensitive data stolen, including employee and client info | Akira ransomware group claimed responsibility; investigation ongoing |
| 2 | Australian Human Rights Commission (AHRC) | Government, human rights, and public sector | Around 670 documents with personal information were accidentally exposed online, with about 100 accessed via search engines between April and May 2025 | No malicious actor |
| 3 | MKA Accountants, a Victorian accounting firm | Financial services and accounting | Internal documents, including correspondence, financial statements, and insurance information, were leaked online after a ransomware attack discovered on 15 May 2025 | Qilin ransomware group claimed responsibility and published evidence on the dark web |
| 4 | Legal Practice Board of Western Australia | Public sector legal regulation and professional oversight | Hackers exfiltrated 300GB of data, including limited contact details, correspondence, and bank account information, with threats to publish it | The Dire Wolf ransomware group, a newcomer using double-extortion tactics, claimed responsibility for the attack |
| 5 | 3P Corporation | Financial services, including accounting, tax, financial planning, legal advice, and HR services | Over 200GB of internal documents and customer data, including tax documents, bank details, employee pay slips, and personal information of more than 4,500 clients, were published online by hackers | The Space Bears ransomware group claimed responsibility for the attack |
June 2025
| No | Affected Company | Industries | Data breach Details | Threat Actor |
|---|---|---|---|---|
| 1 | Skeggs Goldstien | Financial services (tax, accounting, wealth management, business advice, estate and retirement planning) | Hackers stole 500GB of data, including client details and tax returns, and threatened to publish it on the dark web | The Qilin ransomware gang, likely based in eastern Europe, claimed responsibility for the attack |
| 2 | Pressure Dynamics | Hydraulics, oil and gas, offshore production, and defence. | Hackers published 106.84GB of data, including engineering documents, operations reports, and employee medical records. | The DragonForce ransomware group, operating as a ransomware-as-a-service, claimed responsibility for the attack. |
| 3 | Vertel | ICT and telecommunications services for public and private sectors | Hackers exfiltrated SQL databases, client personal information, and financial documents, threatening to publish the data | The Space Bears ransomware group claimed responsibility for the attack |
July 2025
| No | Affected Company | Industries | Data breach Details | Threat Actor |
|---|---|---|---|---|
| 1 | Qantas | Airline/Aviation industry | A call centre cyber attack exposed up to 6 million customer records including names, emails, phone numbers, birth dates, and frequent flyer numbers | Suspected group is Scattered Spider, known for social engineering and MFA bypass techniques. |
| 2 | O&G (Obstetrics and Gynaecology), Adelaide-based women’s healthcare centre. | Healthcare / Women’s Health / Fertility Services. | 77GB of sensitive patient data including medical histories, Medicare details, and contact info was exfiltrated. | Kairos ransomware group |
| 3 | Office of the Migration Agents Registration Authority (OMARA) | Government / Immigration Services | An accidental website flaw exposed internal documents of six registered migration agents, including names and business contacts | No threat actor involved — the breach was accidental and not malicious |
| 4 | United Australia Party (UAP) and Trumpet of Patriots | Political / Government | Ransomware attack exposed emails, personal data, documents, and potentially sensitive member information | Unknown ransomware group (no actor has claimed responsibility) |
| 5 | Ingram Micro Holding Corporation | Information Technology / IT Distribution | Ransomware attack impacted internal systems, causing system outages and operational disruptions | Not yet disclosed or identified |
| 6 | Louis Vuitton | Luxury Retail / Fashion | Unauthorised access on 2 July exposed some customer information, excluding financial data and passwords | Suspected group is ShinyHunters, though not officially confirmed |
| 7 | Metricon Homes | Construction / Home Building | Ransomware attack exfiltrated 128GB of sensitive data, including financial documents, architectural plans, and employee details | Qilin ransomware group |
August 2025
| No | Affected Company | Industries | Data breach Details | Threat Actor |
|---|---|---|---|---|
| 1 | Belmont Christian College, owned by Belmont Baptist Church, NSW | Education | Alleged ransomware attack with exfiltration of student, staff, payment, and donation records | Qilin ransomware gang |
| 2 | iiNet (owned by TPG Telecom) | Telecommunications / Internet Service Provider (ISP). | Compromise of order management system exposing ~280,000 email addresses, ~20,000 phone numbers, ~10,000 usernames/addresses, and ~1,700 modem setup passwords. | Unknown third party (no group has claimed responsibility). |
| 3 | Scotch College, Melbourne | Education (Private School) | Cyberattack exposed sensitive data of families and alumni, leading to server shutdowns and forensic investigation. | Not disclosed. |
Sep 2025
| No | Affected Company | Industries | Data breach Details | Threat Actor |
|---|---|---|---|---|
| 1 | Loyola College, Watsonia, Victoria | Education | 591 GB of data including 430,000+ files with passports, financial records, tax details, and court orders leaked on the dark web. | Interlock ransomware gang |
| 2 | BMW (via third-party provider change2target) | Automotive / Manufacturing. | Leak of internal quality and safety audit documents, reports, emails, and staff details from 2021–2025. | Everest ransomware group. |
Oct 2025
| No | Affected Company | Industries | Data breach Details | Threat Actor |
|---|---|---|---|---|
| 1 | Western Sydney University (WSU) | Education / Higher Education (University Sector) | Fraudulent emails were sent to students and alumni using compromised or spoofed accounts, falsely claiming degree revocation and exclusion, with concerns that personal data such as student numbers may have been accessed. | Unknown cybercriminal(s), with indications of possible internal exploitation or unauthorised access being investigated by NSW Police Cybercrime Squad. |
| 2 | Asahi Group (including Asahi Lifestyle Beverages) | Manufacturing, Food & Beverage, Brewing. | A Qilin ransomware affiliate allegedly exfiltrated 27GB of data, including financial documents, contracts, and employee personal information, impacting operations and exposing some Australian employee data. | Qilin ransomware-as-a-service (RaaS) affiliate |
| 3 | Community Based Support Ltd (CBS Tasmania) | Aged Care, Disability Services, Not-for-Profit | The Lynx ransomware gang allegedly copied a subset of staff and limited client data, including personal, ID, address, and financial information, with samples posted on a dark web leak site. | Lynx ransomware group. |
| 4 | VETtrak (owned by ReadyTech), Melbourne-based student management software provider | Education Technology (EdTech), Software, Student Management Systems. | A cyber attack caused platform outages and service isolation, with investigations ongoing and potential data impact unconfirmed. | Unknown (suspected Lynx ransomware gang, not officially confirmed). |
| 5 | Benedict Industries Group (Benedict) | Recycling, Landscaping Resources, Construction Materials. | INC Ransom allegedly exfiltrated and published 270GB of data, including HR records, payroll, workers’ compensation details, and other employee personal information. | INC Ransom ransomware group. |
| 6 | Western Sydney University (WSU) | Education / Higher Education. | Hackers accessed WSU’s cloud-hosted student management system via third- and fourth-party systems, exfiltrating highly sensitive data including tax file numbers, passport details, payroll, banking, and health information. | Unknown external threat actors exploiting third-party systems (not currently linked to the former student previously charged). |
Nov 2025
| No | Affected Company | Industries | Data breach Details | Threat Actor |
|---|---|---|---|---|
| 1 | Point Lonsdale Medical Group | Healthcare / Medical Services. | An email account was compromised via phishing, allowing unauthorised access to a small number of emails containing patient personal and health information, with no evidence of data exfiltration. | Unknown |
| 2 | Sydney Centre for Ear, Nose & Throat | Healthcare / Medical Specialist Services | A reception email account was compromised and used to send phishing emails, potentially exposing patient information contained in email communications such as appointment and treatment details. | Unknown |
| 3 | Kelly Legal (Queensland-based law firm). | Legal Services / Professional Services. | INC Ransom claims to have exfiltrated over 447GB of data, including contracts, financial records, customer information, and HR files, following an October hacking incident. | INC Ransom ransomware group.IKAD Engineering |
| 4 | IKAD Engineering | Engineering, Defence Supply Chain, Marine, Industrial, Mining, Oil & Gas | The J Group ransomware gang allegedly exfiltrated up to 800GB of data after exploiting a vulnerable legacy VPN, with long-term “living-off-the-land” access impacting contract, project, and internal HR information. | J Group ransomware gang. |
Dec 2025
| No | Affected Company | Industries | Data breach Details | Threat Actor |
|---|---|---|---|---|
| 1 | IKAD Engineering and multiple Australian defence supply chain contractors involved in the Redback IFV program | Defence, aerospace, military manufacturing, and critical infrastructure. | Approximately 800GB of sensitive defence-related data, including weapons programs, naval contracts, and project materials, was exposed or exfiltrated. | Cyber Toufan group and the J Group ransomware gang. |
| 2 | BECKS Group Australia (BECKS jewellery). | Jewellery manufacturing, luxury goods, and retail services. | Data was allegedly exfiltrated, with some information—potentially including personal data—likely compromised. | SafePay ransomware group. |
| 3 | The University of Sydney. | Higher education and research. | Personal data of over 13,000 individuals (staff, donors, alumni) was exfiltrated from an online code library. | Unknown (not publicly attributed). |