Peter A Clarke

The list of data breaches in Australia continues to grow. It is not extraordinary compared to similar countries like the United States, Canada and the United Kingdom. The exposure to regulatory action is greater now that the Privacy Act has been amended. Whether that comes to pass is the question. With the statutory tort of interference with privacy coming into effect on 10 June 2025 there may be exposure if the actions or omissions giving rise to the data breach were reckless.

The breaches, or at least those that we know about, are:

• Hertz: Customers’ personal data and driver’s licenses stolen in data breach.  It said in notices on its website that the breach relates to a cyberattack on one of its vendors between October 2024 and December 2024.

• Fullerton Hotel Sydney: There was a hack impacting The Fullerton Hotel Sydney. Passports and driver’s licences were taken part of a 148-gigabyte data breach.

• Western Sydney University:  10k students impacted by new Western Sydney Uni data breach. 

• REST and AustralianSuper: As I posted previously with The cyber attack on Australian Super Funds continue to reveal weaknesses in the funds approach to data security and breaches AustralianSuper was affected by co-ordinated cybersecurity attack.

• Hexicor:  Hackers  shared screenshots of customer folders, digital certificates, and a list of hashed passwords and backup data. It is reported in KillSec claims ransomware attack on Qld IT services firm Hexicor

• 13Cabs:13cabs  published a notice detailing a potential cyber attack after it discovered unauthorised activity on its network.  It is reported in 13cabs may have suffered a major data breach.