April saw attacks on education, finance and travel sectors disclosed, with breaches showing no sign of stopping. If there was ever a time to be mindful of your personal data and where it’s held – now would be it. Dive into the major breaches disclosed to learn more.
Hertz
Hertz, a global car rental company has recently shed light on a data breach through its third-party vendor, Cleo Communications. The breach exposed sensitive customer data, including names, contact details, dates of birth, driver’s license numbers, and in some cases, Tax File Numbers, passport information, and payment card details. The incident affected customers of Hertz and its affiliated rental brands, Dollar and Thrifty. The damage spread across several regions including Australia and New Zealand. Hertz are yet to disclose the full impact of the breach, suffice to say hundreds of thousands of customers were likely impacted. If you’ve used Hertz or any of its affiliated brands and are concerned your information may have been caught up in the breach, scroll to the end of this page for steps on how to check if you’ve been affected.

Western Sydney University
Western Sydney University has been hit again, just recently fears of another cyberattack have been confirmed – this time on its single sign-on system. The breach has said to have compromised the personal data of approximately 10,000 current and former students, exposing demographic, enrollment, and academic progression information. The university has notified affected individuals and is collaborating with cybersecurity experts and law enforcement agencies to investigate the incident. The university has enabled support services to assist those impacted.
This isn’t the first time Western Sydney University has been targeted—in fact, it’s been dealing with ongoing cyber issues for the past two years, with incidents dating back to May 2023. Despite efforts to improve its systems, the university appears to still be falling short on security. This latest breach highlights the importance of individuals taking simple steps to manage their own personal information, as large organisations continue to face repeated cyber threats.
Aussie Super Funds
More concernedly, cyberattacks recently targeted several major Australian superannuation funds, including AustralianSuper, Rest, Hostplus, Australian Retirement Trust, and Insignia Financial.
Hackers stole usernames and passwords from previous breaches (a technique called data stitching) to access member accounts. AustralianSuper reported that approximately 600 accounts were compromised, resulting in four members collectively losing $500,000. Rest Super identified unauthorised access to around 20,000 accounts, with personal data of about 8,000 members exposed, though no financial losses have been reported yet. The attacks show major vulnerabilities in authentication systems and raise concerns about how well everyday Aussies’ retirement savings are being protected

Tips to Stay Safe
- Use strong, unique passwords: Avoid reusing passwords and combine letters, numbers, and special characters.
- Enable two-factor authentication (2FA): Add an extra layer of security by requiring a second verification step.
- Monitor your accounts: Regularly check bank and credit card statements for suspicious activity.
- Update software regularly: Keep devices and software up to date with the latest security patches.
- Be cautious with personal information: Carefully consider what information you share online and with whom.