Between October and December 2025, Australia experienced a series of high-impact cyber security incidents across multiple sectors. While many breaches were reported, a small number accounted for the majority of data exposure, financial risk, and organisational disruption.
The following incidents stood out due to the scale and sensitivity of data compromised, extended attacker access, and serious operational and reputational consequences.
One of Australia’s largest universities, spanning education, research, healthcare partnerships, and global alumni networks. More than 13,000 individuals were impacted following the theft of personal data relating to staff, donors, and alumni.
Impact: Significant reputational damage, regulatory scrutiny, and long-term erosion of stakeholder trust.
A major public university serving a large and diverse student population across multiple campuses. The breach exposed passport details, tax file numbers, payroll data, and health information over several months.
Impact: High regulatory risk, extensive remediation costs, and serious identity theft and fraud concerns.
An Australian engineering company operating within the defence supply chain, supporting naval programs including Hunter and Collins class vessels. Threat actors alleged up to 5 months of network access.
Impact: National security implications, increased supply chain risk, and heightened government oversight.
A Queensland-based law firm providing legal services to individuals and businesses. Hackers claimed the theft of more than 400GB of data, including HR and potentially client-sensitive legal information.
Impact: High legal liability, client confidentiality exposure, and potential professional conduct consequences.
A Tasmanian not-for-profit delivering aged care, disability, and community services. A ransomware attack resulted in the theft of client and staff data, impacting vulnerable individuals.
Impact: Severe ethical and operational consequences, service disruption, and significant reputational harm.
An Australian jewellery retailer operating both online and in-store, handling customer payment and personal information. The incident followed claims by the SafePay ransomware group.
Impact: Brand damage, potential financial loss, and reduced customer trust.
A global beverage manufacturer with Australian operations across production, logistics, and corporate functions. Australian employee data was compromised as part of a broader global data leak.
Impact: Cross-border data exposure, compliance challenges, and workforce trust implications.
A Victorian-based medical practice providing primary healthcare services to the local community. The cyber attack resulted in unauthorised access to personal medical information.
Impact: High patient privacy risk and mandatory breach notification requirements.
A specialist medical clinic providing ENT services across Sydney. A compromised email account led to potential exposure of patient information.
Impact: Targeted patient risk and increased scrutiny of email security controls.
An Australian construction and materials services company supporting infrastructure and development projects. A ransomware group alleged the theft of personal information.
Impact: Operational disruption and increased exposure to extortion-driven attacks.
Across these incidents, several consistent patterns emerged:
The cumulative cost of these incidents extends well beyond immediate response efforts, with long-term implications for compliance, insurance, customer confidence, and executive accountability.
These incidents highlight a common reality. Major breaches rarely begin with sophisticated attacks. They start with small gaps in visibility, identity controls, or monitoring that go unnoticed.
At Perigon One, we help organisations identify and reduce these risks early. If you would like a clear view of your current cyber exposure, we offer a 15-minute no-obligation consultation to highlight priority actions and strengthen your security posture.
Sometimes, a short conversation is all it takes to prevent a much larger problem.
