2025 Data Breach lists
The Complete List of Data Breaches in Australia
January 2025
February 2025
March 2025
April 2025
May 2025
June 2025
January 2025
| No | Affected Company | Industries | Data breach Details | Threat Actor |
|---|---|---|---|---|
| 1 | MediSecure | Healthcare | Exposed personal and health information of 12.9 million Australians, including names, birth dates, addresses, Medicare numbers, and prescription details. | The exact perpetrator is unknown, but likely a sophisticated cybercriminal group using ransomware techniques. |
| 2 | Cyberhaven | Browser security and software development | Attackers hijacked authenticated sessions, exfiltrating sensitive company credentials from over 400,000 users. | Likely cybercriminals using an OAuth-based phishing attack to compromise Chrome Extensions. |
| 3 | Volkswagen (including Audi, Skoda, and Seat) | Automotive and technology | Exposed data of 800,000 EV owners, including names and precise vehicle geolocation. | A misconfiguration in Volkswagen’s software subsidiary, Cariad, left the data exposed (discovered by the Chaos Computer Club). |
| 4 | Evidn | Applied behavioral science and government consultancy | Hackers claim to have stolen 50GB of data, potentially affecting government and private sector clients. | Everest ransomware gang, a Russian-speaking cybercriminal group. |
| 5 | Spectrum Medical Imaging | Healthcare and medical imaging | Exfiltrated financial and customer data, including names and medical information | INC Ransom, a ransomware group |
| 6 | ARDEX Australia | Tiling, flooring, and waterproofing | Exfiltrated business documents, personal data, emails, and confidential information | Medusa ransomware gang |
| 7 | Austin’s Financial Solutions | Wealth management and financial services | 147GB of stolen data, including employee passports, payroll data, and contracts | Kairos ransomware gang |
| 8 | Globelink International | Freight forwarding | 22GB of stolen data, including company debtors, creditors, and internal documents | Qilin ransomware operation |
| 9 | DBG Health (including Arrotex Pharmaceuticals) | Pharmaceuticals, Healthcare | 2.5TB of stolen data, including patient information, employee details, and business plans | Morpheus ransomware gang |
| 10 | University of New South Wales (UNSW) School of Physics | Education | Cyber attack on website, no specific impact detailed | RipperSec hacking group |
| 11 | Novati Constructions | Construction | Stolen contracts, financial data, incidents, emails, and client correspondence | Lynx ransomware gang |
| 12 | Unique Cars and Parts | Automotive (Car Parts) | No specific details provided; website targeted | RipperSec hacking group |
| 13 | Muswellbrook Shire Council | Local government, mining, agriculture, equine, electricity production, and tourism | 175GB of stolen data including council correspondence, rate payments, and personal information of employees and residents | Ransomware gang SafePay, suspected to be Russian-speaking or based in Russia |
| 14 | Christian Community Aid (CCA) | Not-for-profit charity providing community support services. | Stolen data includes various file types (.jpg, .mp4, .xls, etc.), though the volume is unspecified. | Ransomware gang Space Bears, suspected to be based in Russia |
| 15 | JB Hi-Fi (falsely claimed) | Retail (home entertainment and technology). | No actual breach; the data sample matched a 2023 Dymocks incident. | Threat actor “LordAbe,” known for selling recycled public leaks |
| 16 | Clutch Industries. | Automotive manufacturing. | 350GB of stolen data, including employee records, business documents, financial information, shared user folders, engineering documents, and sales data. | Lynx ransomware group |
February 2025
| No | Affected Company | Industries | Data breach Details | Threat Actor |
|---|---|---|---|---|
| 1 | Natures Organics | Sustainable goods manufacturing (personal care and household products) | 142.85GB of stolen data, including passport and driver’s license scans, bank transaction histories, employee payslips, and internal communications | Medusa ransomware group |
| 2 | Regency Media (defunct since 2023) | Media production (discs, VHS, and audio cassettes) | 16GB of stolen data, including NDAs, driver’s licenses, passports, contact details, and financial data. | Akira ransomware group |
| 3 | Australian National University (ANU) | Education and research | Alleged theft of student and teacher data, but no evidence of an active ransomware threat was found | FSociety ransomware group |
| 4 | Albright Institute of Language and Business | Education (private training organization) | Stolen data includes passport scans, visa application documents, study offer letters, payment plans, and detailed student records (e.g., names, IDs, emails, results) | KillSec ransomware group |
| 5 | Brown and Hurley | Truck and trailer dealership | 170GB of stolen data, including HR documents, business contracts, customer data, and financial information | Lynx ransomware group |
| 6 | Genea Fertility | Healthcare (IVF and fertility services) | 940.7GB of stolen data, including personal and medical information such as names, Medicare numbers, medical histories, test results, and prescriptions | Termite ransomware group |
| 7 | Pound Road Medical Centre (PRMC) | Healthcare (medical services) | Stolen patient data, including Medicare and pension card details, medical records, personal information, and CCTV footage | Anubis ransomware group |
| 8 | Riverina Medical and Dental Aboriginal Corporation (RivMed) | Healthcare (Aboriginal and Torres Strait Islander services) | Potential access to personal and sensitive data; exact details under investigation | INC Ransom ransomware group |
March 2025
| No | Affected Company | Industries | Data breach Details | Threat Actor |
|---|---|---|---|---|
| 1 | Zurich Insurance Group | Insurance | Allegedly stolen 1,400 sensitive internal files, including financial documents, contracts, agreements, and communications. | Threat actor “Rey” |
| 2 | Wendy Wu Tours | Tourism and travel | Stolen data includes valid passport scans, pre-travel forms with personal details, emergency contacts, and frequent flyer numbers | KillSec ransomware group |
| 3 | Australian New Zealand Clinical Trials Registry (ANZCTR) | Medical research / Clinical trials | Cyberattack exposed user passwords and contact information; no health data compromised | Unknown / Not publicly identified |
| 4 | CI Scientific (rebranding as CISCAL) | Laboratory and industrial equipment supply, calibration services | 81GB of data including business contracts, financial, and HR information was allegedly stolen | Lynx ransomware gang |
| 5 | Brydens Lawyers | Legal services / Law firm | Over 600GB of case, client, and staff data was stolen during a ransomware attack in February 2025Unnamed foreign threat actor; no ransomware group has claimed responsibility yet | Unnamed foreign threat actor; no ransomware group has claimed responsibility yet |
| 6 | TFE Hotels Group | Hospitality / Hotel management | Cyberattack disrupted operations and may have impacted historical data, though no credit card details were stored | Unknown / No group has claimed responsibility yet |
| 7 | NSW Department of Communities and Justice (DCJ) | Government / Legal and Justice | Around 9,000 sensitive court files were unlawfully accessed via the NSW Online Registry websiteAn unidentified hacker who exploited the system using a Python script | An unidentified hacker who exploited the system using a Python script |
| 8 | Sydney Tools | Retail / Hardware and DIY supplies | Over 34 million customer records and 5,000 employee records were exposed due to an unprotected Clickhouse database | No confirmed threat actor |
| 9 | Vroom by YouX (formerly Drive IQ) | Financial Technology (Fintech) / Automotive Financing | 27,000 records including driver’s licenses, bank statements, and other PII were exposed via an unprotected AWS S3 database | No confirmed threat actor |
April 2025
| No | Affected Company | Industries | Data breach Details | Threat Actor |
|---|---|---|---|---|
| 1 | 13cabs | Transportation / Ride-hailing Services | User accounts were compromised, exposing usernames, addresses, phone numbers, and Taxi Subsidy Scheme eligibility | Unknown – no threat actor |
| 2 | Hexicor, an IT services firm based in Brisbane | IT services, cybersecurity, unified communications, and network services. | The KillSec ransomware gang attacked Hexicor, stealing data including client folders, Mitel MiCollab backups, hashed passwords, and other security data, and is offering to sell the stolen data. | KillSec, a ransomware group |
| 3 | Rest, HostPlus, Australian Retirement Trust, AustralianSuper | Superannuation and pension funds. | Hackers targeted superannuation funds, compromising thousands of user accounts, particularly those in the pension drawdown phase, and accessing personal data such as names, email addresses, and member numbers. | Cyber criminals using credential stuffing attacks, attempting fraud and targeting pensioner accounts for withdrawal manipulation. |
| 4 | Western Sydney University (WSU) | Higher education | Unauthorized access to current and former student accounts, compromising data such as enrolment, progression, demographic details, and tuition fee information. Approximately 10,000 students were impacted | Unspecified cybercriminals targeting WSU, with previous incidents also linked to the dark web |
| 5 | The Fullerton Hotels and Resorts | Hospitality | Ransomware attack leading to the exfiltration of 148 GB of data, including employee records, passports, driver’s licenses, credit card details, financial data, and more | Akira ransomware gang |
| 6 | Hertz | Car Rental | A vendor cyberattack led to the theft of Hertz customer names, dates of birth, contact information, driver’s licenses, payment card info, and some Social Security and government IDs | Clop ransomware gang |
May 2025
| No | Affected Company | Industries | Data breach Details | Threat Actor |
|---|---|---|---|---|
| 1 | Watkins Steel (Brisbane-based steel subcontractor) | Mining, building, and construction | 17GB of sensitive data stolen, including employee and client info | Akira ransomware group claimed responsibility; investigation ongoing |
| 2 | Australian Human Rights Commission (AHRC) | Government, human rights, and public sector | Around 670 documents with personal information were accidentally exposed online, with about 100 accessed via search engines between April and May 2025 | No malicious actor |
| 3 | MKA Accountants, a Victorian accounting firm | Financial services and accounting | Internal documents, including correspondence, financial statements, and insurance information, were leaked online after a ransomware attack discovered on 15 May 2025 | Qilin ransomware group claimed responsibility and published evidence on the dark web |
| 4 | Legal Practice Board of Western Australia | Public sector legal regulation and professional oversight | Hackers exfiltrated 300GB of data, including limited contact details, correspondence, and bank account information, with threats to publish it | The Dire Wolf ransomware group, a newcomer using double-extortion tactics, claimed responsibility for the attack |
| 5 | 3P Corporation | Financial services, including accounting, tax, financial planning, legal advice, and HR services | Over 200GB of internal documents and customer data, including tax documents, bank details, employee pay slips, and personal information of more than 4,500 clients, were published online by hackers | The Space Bears ransomware group claimed responsibility for the attack |
June 2025
| No | Affected Company | Industries | Data breach Details | Threat Actor |
|---|---|---|---|---|
| 1 | Skeggs Goldstien | Financial services (tax, accounting, wealth management, business advice, estate and retirement planning) | Hackers stole 500GB of data, including client details and tax returns, and threatened to publish it on the dark web | The Qilin ransomware gang, likely based in eastern Europe, claimed responsibility for the attack |
| 2 | Pressure Dynamics | Hydraulics, oil and gas, offshore production, and defence. | Hackers published 106.84GB of data, including engineering documents, operations reports, and employee medical records. | The DragonForce ransomware group, operating as a ransomware-as-a-service, claimed responsibility for the attack. |
| 3 | Vertel | ICT and telecommunications services for public and private sectors | Hackers exfiltrated SQL databases, client personal information, and financial documents, threatening to publish the data | The Space Bears ransomware group claimed responsibility for the attack |