Ferve and Melbourne International Film Festival: Melbourne International Film Festival customers' data leaked via Ferve platform

Melbourne International Film Festival (MIFF) Hit by Data Breach Affecting 26,700 Customers

The Melbourne International Film Festival (MIFF) has confirmed a data breach linked to its third-party ticketing provider, Ferve, exposing the personal information of over 26,700 customers roughly 10% of its database. The incident came to light on May 29, with affected users reporting unusual messages, including texts featuring sad face emojis and emails referencing Miley Cyrus.

One email, purportedly from MIFF and titled "Critical Security Incident," contained only the phrase: "i feel like miley cyrus sometimes." The festival’s investigation revealed that unauthorized access may have compromised customer data, including names, email addresses, phone numbers, and residential addresses. However, Ferve does not store full credit card details, and no account passwords were exposed.

MIFF acted swiftly to contain the breach, suspending access to affected accounts and implementing additional security measures. The Australian Cyber Security Centre (ACSC) has been notified, and the investigation into the breach’s origin remains ongoing.

Ferve, an Australian-owned ticketing platform, serves multiple major festivals, including the Sydney Film Festival, Sydney Fringe Festival, and Melbourne Writers Festival. This year’s MIFF is scheduled to run from August 6 to 23 in Melbourne. Ferve has yet to comment publicly on the incident.

Source: https://www.abc.net.au/news/2026-06-01/melbourne-international-film-festival-data-leak-ferve-ticketing/106746980

FERVE cybersecurity rating report: https://www.rankiteo.com/company/ferve

Melbourne International Film Festival cybersecurity rating report: https://www.rankiteo.com/company/melbourne-international-film-festival

"id": "FERMEL1780309591",
"linkid": "ferve, melbourne-international-film-festival",
"type": "Breach",
"date": "5/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '26,700',
                        'industry': 'Arts & Entertainment',
                        'location': 'Melbourne, Australia',
                        'name': 'Melbourne International Film Festival (MIFF)',
                        'type': 'Cultural/Entertainment Organization'},
                       {'industry': 'Technology/SaaS',
                        'location': 'Australia',
                        'name': 'Ferve',
                        'type': 'Third-party ticketing provider'}],
 'attack_vector': 'Third-party compromise',
 'customer_advisories': 'Emails and texts sent to affected customers (e.g., '
                        "'Critical Security Incident')",
 'data_breach': {'number_of_records_exposed': '26,700',
                 'personally_identifiable_information': 'Names, email '
                                                        'addresses, phone '
                                                        'numbers, residential '
                                                        'addresses',
                 'sensitivity_of_data': 'High (names, emails, phone numbers, '
                                        'addresses)',
                 'type_of_data_compromised': 'Personally Identifiable '
                                             'Information (PII)'},
 'date_detected': '2024-05-29',
 'description': 'The Melbourne International Film Festival (MIFF) confirmed a '
                'data breach linked to its third-party ticketing provider, '
                'Ferve, exposing the personal information of over 26,700 '
                'customers. The incident involved unusual messages sent to '
                'affected users, including texts and emails referencing Miley '
                'Cyrus. The breach compromised names, email addresses, phone '
                'numbers, and residential addresses, but no full credit card '
                'details or account passwords were exposed.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage to MIFF '
                                       'and Ferve',
            'data_compromised': 'Names, email addresses, phone numbers, '
                                'residential addresses',
            'identity_theft_risk': 'High (due to exposure of PII)',
            'operational_impact': 'Suspended access to affected accounts, '
                                  'additional security measures implemented',
            'payment_information_risk': 'Low (no full credit card details '
                                        'exposed)',
            'systems_affected': 'Third-party ticketing platform (Ferve)'},
 'investigation_status': 'Ongoing',
 'references': [{'source': 'MIFF Public Statement'}],
 'regulatory_compliance': {'regulatory_notifications': 'ACSC notified'},
 'response': {'communication_strategy': 'Customer advisories sent (e.g., '
                                        "'Critical Security Incident' emails)",
              'containment_measures': 'Suspended access to affected accounts',
              'incident_response_plan_activated': 'Yes',
              'law_enforcement_notified': 'Australian Cyber Security Centre '
                                          '(ACSC) notified',
              'remediation_measures': 'Additional security measures '
                                      'implemented'},
 'title': 'Melbourne International Film Festival (MIFF) Data Breach',
 'type': 'Data Breach'}

Ferve and Melbourne International Film Festival: Melbourne International Film Festival customers' data leaked via Ferve platform

Unnamed VPN Vendor: Race Against Time: Why Faster Vulnerability Alerts Matter

Eriell and SECONT: Nova Ransomware Lists Russian Oil Firm Eriell in May 26 Batch

Signal: Hackers Target Signal Users to Steal Backups in New Attack Wave