This monthly review provides a curated summary of Australian and New Zealand cyber, privacy, and information security developments identified during April 2026. It includes a cross-section of incidents, regulatory updates, audit findings, and broader industry developments relevant to business and government audiences.
The content is independently sourced from publicly available reporting and government publications, with the aim of supporting internal awareness and risk-informed decision-making. This report is free to use within organisations for awareness and education purposes; however, the “collection” remains the intellectual property of Australian Cyber Aware and must not be reproduced, redistributed, or republished without permission.
This post may be updated as more news or reports are discovered. The latest version can be accessed via the Australian Cyber Aware website.
Commentary: It has been awahile since I’ve had the capacity to be able to be able to curate these summaries. There are some fundamental changes and simplifications of content that should make it easier to maintain going forward. For the interiumn I will not be doing individual incident reports but the website home page will have a listing of incidents and audit report.
So April 2026 was actually fairl busy on the inident front. I was able to track about 16 public disclose incidents, but have another 10 or so that I could not confirm, I have a track of all incidents but only publish the one’s I have some level of certainity about. A lot of ramsomware reports I think are more of scam/extortion attempts. The incident I saw with the most coverage, and relevant to us cyber professional and the insider threat risk was Treasury staffer charged for NSW government data breach.
Next month we’ll get back to adding the news clippings, for now they are accessiabel via the Flipboard link.
Please free to comment and provide suggestion.
Publicly Reported Incidents for April 2026
Claim Status: Confirmed = Acknowledged by organisation/public statement/regulator | Published = Published in mainstream or reputable media
Confirmed 29-Apr-26 NZ
NZ council cyber attack leads to ID and financial data being exposed
The Hutt City Council, located in the north island of New Zealand, reportedly suffered a phishing incident in March, leading to the identity data of five people and the financial information of as many as 732 people being exposed.
Confirmed 28-Apr-26 AU NSW
Generation Life informs customers of ‘cyber incident’ as owner shares incident with ASX
Financial services firm Generation Life has begun notifying customers of a potential data breach hours after its parent company, Generation Development Group, shared details of the incident in a report to the Australian Stock Exchange.
Confirmed 27-Apr-26 AU NSW
Exclusive: Gelatissimo confirms unauthorised access, investigates DragonForce hack claims
Major Australian ice-cream retailer Gelatissimo has launched an investigation into claims made by hackers that the company was breached in a ransomware incident.
Confirmed 23-Apr-26 AU SA
Exclusive: SA genealogical research firm Genealogy SA, confirms cyber incident following SafePay ransom claims
Threat actors have claimed to have hacked a South Australia-based genealogy non-profit, allegedly having stolen and published data.
Confirmed 22-Apr-26 NZ
Private healthcare provider IntraCare hit by cyber breach
IntraCare responded to a cyber incident involving unauthorised access to its network on Friday, 20 March 2026. Out of an abundance of caution, we decided to shut down our information technology (IT) systems and defer patient procedures for the week beginning 23 March. We communicated directly with those patients and affected specialists. Our services resumed on the 30th March.
Confirmed 21-Apr-26 AU NSW
Treasury staffer charged for NSW government data breach
In a statement released today (Tuesday, 21 April), the state government said that an NSW Treasury staff member was involved in the incident, which was discovered when a suspected data transfer to an outside party was detected.
Confirmed 17-Apr-26 AU NSW
Exclusive: NSW-based Strata Republic allegedly breached by Kairos ransomware group
Hackers claim to have stolen 441 gigabytes of data, including internal correspondence, driver’s licence scans and revealing Christmas party photos.
Published 16-Apr-26 AU SA
Accused hacker allegedly targeted government departments, courthouse and gym, court hears
Payneham resident Aiden Wood, 22, appeared in the Adelaide Magistrates Court on Thursday after being charged with 12 hacking offences including operating a restricted access computer system and modifying computer data to cause harm or inconvenience.
Published 15-Apr-26 AU QLD
Exclusive: Qld pharmacy chain allegedly breached by Kairos ransomware
With seven locations, FriendlyCare Pharmacy was listed on the dark web leak site of the Kairos ransomware group, claiming to have stolen 113 gigabytes of data.
Confirmed 15-Apr-26 NZ
NZ racehorse auction stalled by cyber attack
The New Zealand Bloodstock National Online Yearling Sale, which is held on the Gavelhouse Plus platform, was delayed 24 hours after New Zealand Bloodstock confirmed the site suffered a cyber attack.
Confirmed 14-Apr-26 AU NSW
Exclusive: Aussie communications company Mastercom ‘aware’ of INC Ransom claims
Hackers have published customer and hardware data belonging to a Sydney-based firm providing communications solutions to hundreds of businesses and local councils.
Confirmed 12-Apr-26 AU VIC
Exclusive: Aboriginal community organisation confirms cyber incident following INC Ransom claims
A Dja Dja Wurrung (Bendigo) based Aboriginal community centre has confirmed a cyber incident following claims made by the INC Ransom threat group.
Published 12-Apr-26 NZ
Exclusive: Krybit hackers claim breach of New Zealand IT services provider
A newcomer to the ransomware scene has listed Kiwi company Dencom New Zealand as a victim on its darknet leak site, one of 16 victims the group has claimed to breach since it was first observed earlier this month.
Published 10-Apr-26 AU QLD
Exclusive: Gunra ransomware lists Queensland Eric Davis Dental as breach victim
Hackers linked to the Gunra ransomware-as-a-service operation have listed Eric Davis Dental as a data breach victim on its darknet leak site, potentially compromising the medical data of hundreds of patients. Eric Davis Dental is aware of the hacker’s claims, and doubts their veracity.
Confirmed 07-Apr-26 AU VIC
Exclusive: Victorian resort hotel allegedly breached by Space Bears ransomware
On 6 April 2026, Brooklands of Mornington was listed on the dark web leak site of the Space Bears ransomware group, which claimed to have stolen personal data belonging to both guests and staff, financial documents and “other files”.
Confirmed 04-Apr-26 AU WA
Exclusive: Anubis ransomware gang claims hack of WA-based Shine Aviation
The Anubis ransomware operation are claiming to have exfiltrated 57 gigabytes of data, totalling more than 68,000 files.
Related
