Ferve and Hampr: Exclusive: Aussie workplace catering firm Hampr suffers alleged 360k record data breach

Hacker Leaks 360,000 Records from Australian Catering Firm Hampr

A hacker known as 2019 has released over 360,000 records allegedly stolen from Hampr, an Australian corporate catering company, on a popular hacking forum. The data, posted on 31 May, was made freely available and includes two sets of compromised information.

The first dataset contains customer IDs, names, mobile numbers, and account details, while the second includes dietary preferences, payment details, billing information, and workspace data. Hampr, which serves clients such as Nespresso, CBRE, and Cisco, has not responded to requests for comment.

The threat actor, 2019, has been active since at least February 2026 and has previously targeted Australian organizations, including the Melbourne International Film Festival (MIFF). MIFF confirmed a third-party breach via its ticketing platform, Ferve, which exposed customer names, emails, phone numbers, and addresses but not full credit card details or passwords.

Australia remains one of 2019’s most frequently targeted countries, alongside Spain, the UAE, and the USA. The hacker has shared data from 20 victims across multiple leak posts. Hampr, headquartered in Sydney, provides corporate catering services with a digital dashboard for order tracking and event management.

Source: https://www.cyberdaily.au/security/13679-exclusive-aussie-workplace-catering-firm-hampr-suffers-alleged-360k-record-data-breach

FERVE cybersecurity rating report: https://www.rankiteo.com/company/ferve

hampr cybersecurity rating report: https://www.rankiteo.com/company/try-hampr

"id": "FERTRY1780367031",
"linkid": "ferve, try-hampr",
"type": "Breach",
"date": "5/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '360,000',
                        'industry': 'Food & Beverage, Corporate Services',
                        'location': 'Sydney, Australia',
                        'name': 'Hampr',
                        'type': 'Corporate Catering Company'}],
 'data_breach': {'data_exfiltration': 'Yes',
                 'number_of_records_exposed': '360,000',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Customer IDs',
                                              'Names',
                                              'Mobile Numbers',
                                              'Account Details',
                                              'Dietary Preferences',
                                              'Payment Details',
                                              'Billing Information',
                                              'Workspace Data']},
 'date_publicly_disclosed': '2024-05-31',
 'description': 'A hacker known as *2019* has released over 360,000 records '
                'allegedly stolen from Hampr, an Australian corporate catering '
                'company, on a popular hacking forum. The data includes '
                'customer IDs, names, mobile numbers, account details, dietary '
                'preferences, payment details, billing information, and '
                'workspace data.',
 'impact': {'data_compromised': '360,000 records',
            'identity_theft_risk': 'High',
            'payment_information_risk': 'High'},
 'references': [{'source': 'Hacking Forum'}],
 'threat_actor': '2019',
 'title': 'Hacker Leaks 360,000 Records from Australian Catering Firm Hampr',
 'type': 'Data Breach'}