The Latest Cyberattacks Putting Aussie Businesses on High Alert

The new wave of cyberattacks hitting Aussie businesses

You might think your business is too small to be a target. But that’s exactly what hackers are counting on. With fewer resources and less cybersecurity infrastructure, small businesses can be seen as easy pickings for cybercriminals.

In this blog, we take a look at some of the most recent cybercrimes to hit Aussie businesses in the last six months. We also examine how small business owners can learn from these examples and protect themselves.

Patient information stolen from medical centre

Located roughly one hour from Melbourne, a medical centre in Narre Warren South was hit back in November 2024. The medical centre released a statement saying unusual activity had been detected on the systems that indicated a potential cyber incident had occurred. The medical centre could not, at the time, clarify if patient information had been compromised or not. However, the cybercriminal group later published patient information including medical cards and passports, as well as internal documentation.

147GB of sensitive data stolen from financial firm

A medium-sized wealth management firm  fell victim to a ransomware cybercriminal group in December 2024. The hackers stole 147GB of data which included passport details, payroll data and at least one employee contract.

According to the hacker group, their victims are given seven days to respond to its demands. But once that deadline is passed, the group then publishes the stolen data. 

Customer passports leaked after tour operator hit

In March of this year, a well-known Sydney-based tour operator was targeted by hackers who demanded a ransom. After making their demands, their published stolen customer passport details online.

Information like this is highly valuable to cybercriminals even if victims do not pay the ransom, as it can be sold on the dark web and used to commit fraud and identity theft.

Tool supplier leaves 34 million orders exposed online

In March this year, a US-based cyber news outlet discovered a massive gap in a Sydney tool supplier’s cybersecurity measures: their database was completely exposed and publicly accessible. At the time, the Sydney Tools database contained over 5,000 former and current employee records as well as details for more than 34 million online orders.

This incident can’t be counted as a cyberattack as the database was accidentally left exposed by internal staff. However, this does act as a stark warning for business owners to take the right steps to protect customer data and business information. Otherwise, you’re doing the hackers’ jobs for them.

Tech company breach exposes government client data

A tech solutions company also became a victim of the same hacker group as Wendy Wu Tours in April this year. Hexicor is a technology solutions company with a head office in Brisbane and services over 1,000 government customers and 1,500 business and corporate customers.

In the data breach, the hacker group published customer data, which included healthcare and alleged government education clients.

Why small businesses need to be vigilant 

You may think that only large-scale corporations are targeted by cybercriminals. Recently, companies like Hertz, Qantas, REST and Australian Super, as well as a number of Australian universities and government agencies, have all been in the news due to serious data breaches. However, as our list above shows, you don’t have to be a big company to become a victim of a cyberattack.  

Could this happen to your small business?

These types of incidents can have devastating consequences for small businesses, from reputational damage and financial losses to legal liability.

On top of this, many of today’s cyber threats don’t require much technical skill from the attacker. Ransomware kits, phishing templates and stolen credentials are all widely available on the dark web, making it easier than ever for bad actors to launch damaging cyberattacks.

No matter your size or industry, if you collect, store or manage data online, then you could be a target.

Protect your small business from cyberattacks

To avoid becoming a cyber victim, make sure you take the necessary steps to protect your business and your client’s data.

Create a cyber incident response plan

A cyber incident response plan (CIRP) is an outlined strategy that details the steps a business needs to take in order to detect, respond to, contain and recover from a cyber security incident. Its purpose is to minimise the damage of a cybersecurity breach and reduce the business’s down time.  

Invest in cybersecurity tools

There are many different kinds of cybersecurity tools and software that you can invest in to help you combat cyberattacks. Antivirus software, multi-factor authentication (MFA) firewalls and endpoint detection and response (EDR) tools are all ways that you can improve your cybersecurity measures.  

Train your employees to spot scams

In many cases, your employers are the first line of defence against cyber threats. Training and educating staff to identify and respond to cyberattacks is one way you can help to protect your business.

Backup all files and data

Regularly backing up your files and data gives you a safety net just in case something goes wrong, whether that’s a malicious cyberattack or accidental deletion. You’ll be glad to have your information backed up so you can restore it quickly and easily.

You can find automated backup systems that take care of this for you. This saves you the time and effort of remembering to back up information yourself.

Update, patch, repeat

Keeping your software up to date is one of the simplest ways to protect your business from cyber threats. This is because outdated software, apps or operating systems often have weak points that cybercriminals can exploit, leaving your business vulnerable. 

Enable automatic updates wherever possible, whether it’s on your computer, phone or business software, like point-of-sale or accounting systems. These updates often include “patches” that fix security holes and protect you against the latest threats.

Consider Cyber Liability insurance

Things may still go wrong even when you’ve taken all the necessary precautions. This is where Cyber Liability insurance may help.

Cyber Liability insurance is designed to help protect you from claims and support your profitability in the event of a cyber breach or attack. Costs associated with defending a cyber claim are also covered. Examples of the types of risks Cyber Liability insurance can assist with are unintended loss or release of customer personal information, cyber crime, cyber extortion/ransomware and business interruption due to a cyber event.

Stay up to date and protect your business

Maintaining strong cybersecurity measures does not have to be difficult or expensive. As a small business owner, it’s important that you stay up to date with the latest cyber threats and scams and ensure that you’re not unnecessarily exposing yourself to risks – like the Sydney Tools example above.  

Creating a cyber incident response plan, investing in cybersecurity tools and Cyber Liability insurance, and ensuring your staff are fully trained on cyber risks, can help to protect your business. Putting all of these things together can help to create a more comprehensive cybersecurity plan that can help to protect your business.

This information is general only and does not take into account your objectives, financial situation or needs. It should not be relied upon as advice. As with any insurance, cover will be subject to the terms, conditions and exclusions contained in the policy wording.

© 2025 BizCover Pty Limited, all rights reserved. ABN 68 127 707 975; AFSL 501769