A ransomware attack on a Toowoomba pharmacy has resulted in the leak of sensitive patient data, including medical records and NDIS information. The DragonForce ransomware group has claimed responsibility, highlighting the growing threat to Australian healthcare providers.
Australian Clinical Labs (ACL) has agreed to a $5.8 million penalty following a 2022 data breach at its subsidiary, Medlab Pathology. The breach, orchestrated by the Quantum ransomware group, exposed the sensitive data of 223,000 Australians, prompting regulatory action from the OAIC.
WestJet has issued a further notice on its June cyber incident, confirming passenger data was exposed though payment details remain secure. The update comes amid rising aviation cyberattacks, including a recent Collins Aerospace breach that disrupted major European airports.
Volvo Group North America has disclosed a data breach exposing employee data after a ransomware attack on its HR supplier, Miljdata. The incident highlights the growing threat of supply chain attacks and their far-reaching consequences.
Cyber News Centre's cyber update for 29th September 2025: Volvo Group has confirmed a data breach that exposed employee information following a ransomware attack on a third-party HR software supplier.
Volvo Group is a Swedish multinational manufacturing corporation headquartered in Gothenburg. While its core activity is the production, distribution and sale of trucks, buses and construction equipment, Volvo also supplies marine and industrial drive systems and financial services.
The Update: Volvo Group North America has begun notifying employees and associates about a data breach that exposed their personal information, including names and Social Security numbers. The security incident did not originate within Volvo’s own networks but was the result of a ransomware attack on one of its third-party human resources software suppliers, a company named Miljdata. The initial security incident targeting Miljdata occurred on 20th August 2025.
“We were recently informed that a supplier of human resources software to the Volvo Group, Miljödata, was a victim of a security incident in which certain of your personal information may have been accessed,” Volvo said in a data breach notification published by the Office of the Attorney General in Massachusetts.
It was not until 2nd September 2025 that Miljdata determined that data belonging to Volvo Group personnel had been compromised in the attack. Miljdata informed Volvo Group of the exposure on the same day. The incident was claimed by the DataCarry ransomware group, which added Miljdata to its Tor-based leak site on 13th September and published data allegedly stolen from the company the following day.
Why it Matters: This incident is a stark reminder of the significant and growing risks associated with supply chain vulnerabilities. The breach at Miljdata has had a cascading effect, impacting not only Volvo Group but also around 25 other private companies, 200 Swedish councils, and numerous educational institutions.
The exposure of sensitive personal information, including Social Security numbers, places affected individuals at heightened risk of identity theft and fraud. For organisations, this incident highlights the critical need for robust third-party risk management programs and thorough due diligence when selecting and managing vendors with access to sensitive data.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
A ransomware attack on a Toowoomba pharmacy has resulted in the leak of sensitive patient data, including medical records and NDIS information. The DragonForce ransomware group has claimed responsibility, highlighting the growing threat to Australian healthcare providers.
Australian Clinical Labs (ACL) has agreed to a $5.8 million penalty following a 2022 data breach at its subsidiary, Medlab Pathology. The breach, orchestrated by the Quantum ransomware group, exposed the sensitive data of 223,000 Australians, prompting regulatory action from the OAIC.
WestJet has issued a further notice on its June cyber incident, confirming passenger data was exposed though payment details remain secure. The update comes amid rising aviation cyberattacks, including a recent Collins Aerospace breach that disrupted major European airports.
Perth-based operational technology firm Intellect Systems has been targeted by the Akira ransomware group, which claims to have stolen 10GB of sensitive corporate and personal data. The attack highlights the growing threat to the critical infrastructure sector through vulnerable network devices.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
