7th October 2025 Cyber Update: NSW Government Agency Exposes Flood Victims' Data via ChatGPT

The NSW Reconstruction Authority has confirmed a major data breach affecting 3,000 flood victims after a contractor uploaded sensitive personal and health information to ChatGPT. The breach, undisclosed for more than six months, raises serious concerns about security and transparency.

Cyber News Centre's cyber update for 7th October 2025: The New South Wales Reconstruction Authority (NSWRA) has confirmed a data breach affecting the personal information of up to 3,000 flood victims after a former contractor uploaded sensitive data to an unauthorised AI tool.

The NSWRA is the state body responsible for disaster recovery and community rebuilding, including the Northern Rivers Resilient Homes Program, which assists residents impacted by the 2022 floods.

The Update and Why It Matters

Update: The NSW Government published the update yesterday, 6 October 2025, confirming that in March 2025, a former contractor uploaded an Excel spreadsheet containing more than 12,000 rows of applicant data from the Resilient Homes Program to ChatGPT without approval. The file included names, addresses, phone numbers, email addresses and some personal and health information.

The NSWRA said it took immediate action to contain the breach, engaging forensic analysts and working with Cyber Security NSW to determine the scope and risks. The NSW Privacy Commissioner has been notified, and an independent review has been initiated to understand how the breach occurred and why notification took time.

Authorities said there is currently no evidence that any of the uploaded data has been accessed or made public, although monitoring of the internet and dark web is ongoing. Impacted individuals will be contacted this week with confirmation of what data was shared and will be offered personalised support.

In its statement, the NSWRA apologised for the incident, saying, “We understand this news is concerning and we are deeply sorry for the distress it may cause for those who have engaged with the program.” It also added, “We know people will want to know exactly what has been shared and we are doing all we can to get that information to them as soon as possible.”

Why It Matters:
This breach is one of Australia’s first known government incidents involving the use of an unauthorised public AI platform. The fact that sensitive personal and health information was uploaded to ChatGPT without approval highlights the growing risk of shadow AI, where employees or contractors use unvetted tools to handle confidential data.

The six-month delay between the breach and its public disclosure raises questions about transparency and the effectiveness of government incident response processes. It also underscores the urgent need for clear AI-use policies, comprehensive staff training and stronger data-handling safeguards across public sector programs that manage personal information.
