Top 3 Cyber Incidents in Australia (October 2025 Update)
In 2025, cyber incidents in Australia have shaken both major corporations and government institutions, underscoring a harsh reality for small and medium-sized enterprises (SMEs): cyber resilience is no longer optional.
In response to this growing threat, we’re offering a limited-time vulnerability assessment tailored to uncover and mitigate your most critical security risks.
By taking advantage of this offer, you’ll be one step closer to building a safer, smarter IT environment. One that’s prepared to withstand the evolving cyber landscape.
Continue reading to find out how to book your assessment and fortify your business against future cyber incidents in Australia.
Cybercrime Trends in 2025: Insights from Top Cyber Incidents in Australia
The Australian Cyber Security Centre (ACSC) Annual Cyber Threat Report 2024–25 reveals a sharp rise in malicious activity, including credential theft, ransomware attacks, and exploitation of critical infrastructure.
- 84,700+ cybercrime reports to ACSC in FY2024–25 (that’s one every 6 minutes!)
- $56,600 average cost per incident for small businesses (↑14% from the previous year)
- 111% increase in alerts to critical infrastructure entities (over 190 notifications issued by the ACSC)
- Top sectors targeted: Government, Financial Services, Health Care, IT & Telecoms
- Top states affected: QLD, VIC, NSW
Consequently, this surge underscores the urgent need for proactive measures. For example, organisations should implement multi-factor authentication, conduct regular vulnerability assessments, and, most importantly, align their practices with the ACSC Essential 8 maturity model.
In this updated blog, we revisit the relevant top cyber incidents in Australia and highlight new developments that shape today’s threat landscape.
1. Qantas Data Breach (July 2025)
Impact: 5.7 million customer records threatened.
What Happened:
Hackers claimed to have stolen personal data and threatened public release. However, the FBI seized the attackers’ website, although the breach still raised serious concerns about data governance.
Data at Risk:
Names, contact details, and travel history.
Current Status:
Qantas is working with federal authorities to assess the breach and strengthen its cyber defences.
Why It Matters for SMEs:
Even well-resourced organisations are vulnerable; therefore, SMEs must prioritise breach detection and response planning.
2. Scattered Spider Ransomware Attacks (2025)
Impact: Multiple sectors targeted, including IT services and infrastructure.
What Happened:
The Scattered Spider group used social engineering and ransomware to infiltrate help desks and exfiltrate sensitive data.
Tactics Used:
- Credential theft
- MFA bypass
- Remote access tools
Current Status:
In response, the ACSC issued advisories urging organisations to implement phishing-resistant MFA and offline backups.
Why It Matters for SMEs:
Help desks are a common entry point, so SMEs are encouraged to train staff and deploy layered security controls.
3. Latitude Financial Data Breach (March 2023)
Impact: Over 14 million individuals affected across Australia and New Zealand.
What Happened:
Latitude detected a sophisticated cyber attack originating from a major vendor. Subsequently, attackers used stolen employee credentials to access personal data from multiple service providers.
Data Compromised:
- 7.9 million driver’s licence numbers
- 53,000 passport numbers
- 6.1 million historical records dating back to 2005
Current Status:
Latitude issued an apology and offered reimbursements for ID replacements, while investigations continue into data retention practices and security gaps.
Why It Matters for SMEs:
Third-party vulnerabilities are a growing risk. Therefore, SMEs must audit vendor access and enforce strict credential controls.
Protection Against Top Cyber Incidents in Australia: What SMEs Can Do Now
New Era Technology offers tailored cyber security solutions to help your organisation stay protected and ahead:
Essential Eight Audit
Identify vulnerabilities and align with ACSC’s guidelines for proactive defence. Learn more→
Proactive Threat Prevention
Real-time monitoring, credential protection, and adaptive controls. Learn more →
Managed IT Services
End-to-end support to secure, scale, and streamline your IT environment. Learn more →
Secure Your Business Before It’s Too Late
We know cyber security isn’t just about compliance, it’s about resilience. That’s why, alongside our Essential Eight Audit services, we’re offering a limited-time vulnerability assessment to help you strengthen your defences and stay ahead of evolving threats.
✓ Identify hidden risks
✓ Get actionable insights aligned with ACSC standards
✓ Strengthen your defences before the next breach
Key Takeaways from 2025’s Top Cyber Incidents in Australia
Cyber security is no longer a luxury; it has now become a necessity. Whether you’re in healthcare, legal, logistics, or retail, the risks are real and rising, so take proactive measures today to stay protected from cyber incidents.
Frequently Asked Questions
Recent cyber incidents in Australia, including the Qantas data breach, Scattered Spider ransomware activity, and the Latitude Financial breach, show how quickly threats can escalate across different sectors. These cases highlight the importance of stronger access controls, incident response planning, and third-party risk management. For more practical guidance, read How the Essential Eight Cyber Security Maturity Model Protects Your Business.
SMEs are often targeted because attackers look for security gaps, limited internal resources, and inconsistent controls. Cyber incidents in Australia make it clear that no organisation can afford to treat cyber resilience as optional. Explore more cyber security insights on the New Era Technology Australia blog.
SMEs can reduce risk by implementing phishing-resistant multi-factor authentication, maintaining offline backups, and reviewing user access regularly. Staff awareness training and ongoing monitoring also play an important role in limiting the impact of ransomware and credential-based attacks. Learn more in Data Loss in the Cloud: Why Microsoft 365 Data Backup Matters.
The Qantas incident shows how customer data exposure can quickly become a serious operational and reputational issue. It reinforces the need for stronger data governance, faster threat detection, and a well-tested response plan. To understand how to assess your current posture, read Unlocking Security Excellence: Introducing New Era’s Essential 8 Cyber Security Audit.
Third-party vendors can introduce risk when access permissions, credential management, or data handling controls are not regularly reviewed. The Latitude Financial breach is a strong reminder that supplier vulnerabilities can have direct business consequences. For a practical next step, see How the Essential Eight Cyber Security Maturity Model Protects Your Business.
The ACSC Essential Eight is a practical cyber security framework designed to help organisations reduce exposure to common attacks. For SMEs, it provides a structured way to improve resilience against phishing, ransomware, unauthorised access, and other evolving threats. Learn more in Unlocking Security Excellence: Introducing New Era’s Essential 8 Cyber Security Audit.
If your organisation has outdated systems, limited visibility across its environment, inconsistent backup testing, or increasing phishing activity, it may be time for a vulnerability assessment. Growing compliance requirements and vendor-related concerns are also common signs that security gaps need attention. Visit New Era Technology Australia to explore your next steps.
Businesses should take a proactive approach by reviewing access controls, improving monitoring, and aligning security practices with recognized frameworks such as the Essential Eight. Combining regular assessments with stronger backup, identity, and response processes can help reduce exposure to modern cyber threats. For more guidance, browse the New Era Technology Australia blog.
Sources:
Australian Signals Directorate, Annual Cyber Threat Report 2024–25 (2025). © Commonwealth of Australia 2025. | ABC News – Luke Cooper, Qantas Data Breach: Website Seized After Cyber Attack (Oct 10, 2025). | Australian Signals Directorate, Scattered Spider (July 30, 2025). © Commonwealth of Australia 2025. | ABC News – Dinah Lewis Boucher, What’s happening with the Latitude Financial cyber attack? (Mar 27, 2023). | UpGuard – Edward Kost, Biggest Data Breaches in Australia. (January 2, 2025).