Melbourne, 4^th July 2025 — Holistic Cyber Australia has today announced it has published the most comprehensive list of known cyber breaches affecting Australian organisations in 2025. The list, which is publicly accessible and continuously updated, is available at holisticyber.au/breaches.

Each entry includes a link to a reputable news source providing credible evidence of the breach, even in cases where the incident has not been formally acknowledged by the affected organisation or reported to the Australian Government.

Key insights from this list

• Holistic Cyber identified 70 breaches In the first half of 2025, an average of well over two-and-a-half organisations per week. This figure represents only the visible portion of a much larger problem.  Australian Government statistics suggest that over 50 small and medium-sized businesses report serious cybersecurity incidents each week, with the true number likely even higher due to widespread underreporting (ref. this article).

  
  

• The healthcare sector features the most, with 11 named breaches, followed by engineering and manufacturing (10), retail (8), finance and accounting (7), and education and training (5).

  
  

• The majority of breaches have been attributed to specific criminal organisations. Leading the list are Qilin and Lynx, each responsible for 5 breaches, followed by Akira and KillSec with 4 breaches each. Other active groups include INC, Global, Space Bears, and the ironically named SafePay, each with 3 breaches.

  
  

About Holistic Cyber Australia

Holistic Cyber is an Australian cybersecurity consultancy dedicated to serving small to medium businesses and smaller not-for-profit organisations.  Services include identifying an organisation’s security gaps and risks, developing an associated security strategy and action plan, and expertise to help maximum value from your IT and cybersecurity supplier(s).

Media Contact

contact@holisticyber.au

Tel: 1300 375 035

holisticyber.au