Skip to content

Incidents in country:

Australia

18 incidents catalogued

Data breachResolved

Finsure data breach (2024)

In October 2024, almost 300k unique email addresses from Australian mortgage broking group Finsure were obtained from the ActivePipe real estate marketing platform. The impacted data also included names, phone numbers and physical addresses.

Victim
Finsure
Records
296.1K
Data breachResolved

digiDirect data breach (2024)

In September 2024, a data breach sourced from the Australian retailer digiDirect was published to a popular hacking forum. The breach exposed over 300k rows of data including email and physical address, name, phone number and date of birth.

Victim
digiDirect
Records
304.3K
Data breachResolved

Ticketek data breach (2024)

In May 2024, the Australian event ticketing company Ticketek reported a data breach linked to a third party cloud-based platform. The following month, the data appeared for sale on a popular hacking forum and was later linked to a series of breaches of the Snowflake cloud storage service.

Victim
Ticketek
Records
17.6M
RansomwareResolved

MediSecure ransomware attack

A ransomware attack on Australian e-prescription provider MediSecure exposed the personal and health data of roughly 12.9 million Australians β€” one of the country's largest breaches β€” and pushed the company into administration and liquidation.

Victim
MediSecure
Records
12.9M
Data breachResolved

Tangerine data breach (2024)

In February 2024, the Australian Telco Tangerine suffered a data breach that exposed over 200k customer records. Attributed to a legacy customer database, the data included physical and email addresses, names, phone numbers and dates of birth.

Victim
Tangerine
Records
243.5K
Data breachResolved

Dymocks data breach (2023)

In September 2023, the Australian book retailer Dymocks announced a data breach. The data dated back to June 2023 and contained 1.2M records with 836k unique email addresses. The breach also exposed names, dates of birth, genders, phone numbers and physical addresses.

Victim
Dymocks
Records
836.1K
Data breachResolved

Oxfam data breach (2021)

In January 2021, Oxfam Australia was the victim of a data breach which exposed 1.8M unique email addresses of supporters of the charity. The data was put up for sale on a popular hacking forum and also included names, phone numbers, addresses, genders and dates of birth.

Victim
Oxfam
Records
1.8M
Data breachResolved

Nitro data breach (2020)

In September 2020, the Nitro PDF service suffered a massive data breach which exposed over 70 million unique email addresses. The breach also exposed names, bcrypt password hashes and the titles of converted documents. The data was provided to HIBP by dehashed.com.

Victim
Nitro
Records
77.2M
EspionageResolved

Australian National University data breach

A sophisticated, likely state-sponsored actor breached the Australian National University's administrative systems in late 2018, exfiltrating up to 19 years of staff and student records in an intrusion praised by ANU's own report for its extraordinary operational security.

Victim
Australian National University
Records
200.0K
Data breachResolved

Sephora data breach (2017)

In approximately January 2017, the beauty store Sephora suffered a data breach. Impacting customers in South East Asia, Australia and New Zealand, 780k unique email addresses were included in the breach alongside names, genders, dates of birth, ethnicities and other personal information.

Victim
Sephora
Records
780.1K