Australian businesses are facing an increasingly diverse range of cyber and fraud threats, with recent incidents involving an alleged large-scale data breach and a sophisticated property scam attempt highlighting the challenges organizations face in protecting customer information, financial assets and business operations.
The incidents also reflect growing areas of concern for insurers, brokers and risk professionals as cyberattacks, identity fraud and social engineering schemes continue to evolve in both scale and complexity.
Sydney-based workplace catering firm Hampr is investigating claims that a hacker stole and published more than 360,000 customer records on a popular hacking forum on May 31.
The alleged breach involves two datasets. One reportedly contains customer IDs, names, phone numbers and account details, while the second includes dietary information, payment details, billing data and workspace information.
Hampr said it has launched an urgent investigation and notified relevant government cybersecurity authorities.
"Given our commitment to transparency, we have proactively notified our customers that we are aware of the allegations and are actively investigating," a spokesperson said.
The threat actor, who uses the handle "2019," is believed to be the same individual behind a recent breach involving the Melbourne International Film Festival, which confirmed unauthorized access to customer data held within the Ferve ticketing platform. The actor has been linked to at least 20 separate leak posts since February 2026, with Australia among the most frequently targeted countries.
The incident highlights the continued exposure businesses face from data breaches and cybercrime. For organizations holding customer information, cyber incidents can trigger a range of costs beyond the immediate technical response, including forensic investigations, legal expenses, customer notifications, regulatory scrutiny and reputational damage.
The evolving threat environment has also reinforced the importance of cyber insurance and incident response planning, with insurers increasingly focused on helping policyholders strengthen cybersecurity controls and respond more effectively when breaches occur.
In Western Australia, 10 settlement agents received identical emails from an individual falsely claiming to own a vacant block of land in Yanchep valued at approximately $900,000.
The sender claimed to be overseas and asked whether identity verification requirements could be bypassed – a request that immediately raised concerns among settlement agents, who reported the matter to authorities.
Consumer Protection WA reminded agents that they are required to verify the identity of all parties involved in property transactions, preferably in person where possible.
Commerce Minister Dr. Tony Buti described the incident as a timely reminder of mandatory verification obligations, while Australian Institute of Conveyancers WA chief executive Brook Durling warned that property fraud attempts were likely to continue and that vigilance remained a shared responsibility across the sector.
Property transactions have become an increasingly attractive target for fraudsters due to the high values involved and the growing use of digital communications throughout the buying and selling process. Industry participants have reported ongoing concerns around identity theft, impersonation schemes and payment redirection fraud affecting property professionals and consumers alike.
The risks also have implications for insurers, particularly those providing professional indemnity cover to conveyancers, settlement agents and legal professionals. Verification procedures, fraud controls and employee training have become increasingly important risk management considerations as fraud tactics continue to evolve.
While the incidents involve very different sectors, both highlight how cybercrime and financial fraud are becoming increasingly interconnected challenges for Australian businesses.
Whether targeting customer data, digital systems or high-value transactions, threat actors continue to exploit weaknesses in processes and controls. As a result, organizations are being encouraged to take a broader view of risk management that combines cybersecurity, fraud prevention, employee awareness and insurance protection.
The incidents serve as a reminder that emerging threats are no longer confined to a single line of business. Instead, they increasingly span cyber, professional liability, financial crime and operational risk exposures, creating new challenges for businesses seeking to protect themselves in a rapidly evolving threat landscape.
