Two cyber incidents hitting Australian educational institutions within days of each other have underlined the exposure facing organisations that handle large volumes of personal data, and the role cyber insurance plays in managing the financial and regulatory fallout when systems are compromised.
All computer systems at Reynella East College went offline on or before June 9, 2026, after a cyber security incident disrupted the school’s entire network. The school circulated a written notification to parents and carers that same day, co-signed by the principal and chief information officer, advising that restoration was not expected before the end of that week. The school is a government institution located in Adelaide’s southern suburbs, enrols more than 1,900 students from pre-school through Year 12, and operates international and study abroad programs. “There has been a cyber security breach impacting all of our school’s computer systems. The Department for Education is working closely with our school and specialist teams to understand what has happened and restore systems as quickly as possible. It is unlikely our school’s ICT systems will be back online this week,” according to the letter, as reported by Cyber Daily.
Face-to-face instruction has continued throughout the disruption. The notification acknowledged that families would likely have concerns about what the incident means for personal data held by the school and indicated that a further update would follow if the investigation confirms any records were accessed or taken. Investigations were described as ongoing at the time of reporting, and no threat actor had publicly claimed the attack as of June 11, 2026, when Cyber Daily published its report.
R.I.C. Publications, a publisher of classroom and curriculum resources based in Balcatta, Western Australia, is dealing with a separate incident after a hacker posted a file to an online forum on June 4, 2026, claiming it contained purchasing records drawn from the company’s systems. The post appeared on a forum commonly used to distribute stolen data. The individual behind the post, who uses the handle “2019,” offered the data without charge to other forum members who replied to the thread. By the time Cyber Daily reported on the matter on June 11, 2026, the post had received 22 replies. The data sample shared publicly contains full names, email addresses, phone numbers, physical and IP addresses, order histories, and school affiliations – a combination that raises the risk of targeted phishing attempts against affected individuals.
A notable detail for claims and underwriting purposes is the gap between the apparent date of initial system access and public disclosure. The incident is linked to an unauthorised email sent on May 30, 2026, from an automated function on the company’s website – suggesting the attacker had some form of system access before the forum post appeared on June 4. That window is relevant to how retroactive cover and discovery-based policy triggers would apply under a cyber insurance policy.
“R.I.C. Publications has recently identified an incident involving an unauthorised email sent on 30 May 2026 from an automated email function associated with our website. We have also become aware that a third party has published a document online claiming to contain data obtained from our systems without authorisation. We understand this news may cause concern, and wish to assure our stakeholders that we are investigating this claim as a priority. We are also conducting a review of our security systems as a precautionary measure,” said an R.I.C. Publications spokesperson, as reported by Cyber Daily.
The company told Cyber Daily that no evidence of further system compromise had been found and that financial payment data was not among the records involved. Cyber security specialists have been engaged and the matter has been referred to relevant authorities. R.I.C. Publications operates across Australia, New Zealand, the UK, Ireland, South Africa, and Malaysia, meaning potential notification obligations may extend across multiple jurisdictions. The company urged customers to watch for unsolicited contact. “As a precaution, we encourage all stakeholders to remain vigilant for potential phishing emails or scam calls. We take cyber security seriously and are committed to keeping our stakeholders updated as we respond to this incident,” the spokesperson said.
The handle “2019” has been active on underground forums since early 2026. Cyber Daily’s reporting indicates the actor has made 35 leak posts in that period, with Australian organisations the predominant targets. Prior claimed victims include Centrelink and the Melbourne International Film Festival, alongside entities in the US, the United Arab Emirates, France, and Italy. No verified attribution to a specific individual or group has been reported. A single actor with 35 claimed leak posts across a roughly six-month window, predominantly against Australian organisations, represents a frequency signal that may warrant review of sector-wide aggregation risk, particularly given the actor’s apparent focus on organisations that hold large volumes of personal customer data.
The Office of the Australian Information Commissioner (OAIC) received 532 notifications under the Notifiable Data Breaches (NDB) scheme in the January to June 2025 reporting period – down 10% from the record set in the preceding six months, but described by the regulator as remaining at an elevated level. Malicious or criminal attacks accounted for 59% of those notifications, with cyber incidents the most common form within that category. The average number of individuals affected per cyber incident in the period was just over 10,000. Human error-related breaches rose to 37% of all notifications, up from 29% in the prior period – a trend relevant to policy conditions covering non-technical breach vectors such as social engineering and phishing. The health sector recorded the highest share of reported breaches at 18%, followed by finance at 14% and Australian government agencies at 13%.