Lifeline Australia Confirms Data Breach After Hacker Leaks Stolen Records
Australian suicide-prevention charity Lifeline has confirmed a data breach after a hacker known as "2019" posted stolen records on a dark web forum on 11 July. The threat actor claimed to have obtained over 10,000 records, including staff names, emails, dates of birth, client IDs, phone numbers, and other internal data some of which was later found to be falsified.
Lifeline became aware of the breach on 12 July and immediately launched an investigation with external cybersecurity experts. While the organisation confirmed that staff and volunteer information was accessed, it stressed that no help-seeker data or financial details were compromised. As a precaution, Lifeline is notifying affected individuals and warning staff about potential scam activity.
The hacker, "2019", has been active since January 2026, targeting multiple Australian organisations, including the Melbourne International Film Festival, a Canberra medical clinic, and the Australian Centre for the Moving Image. Their most recent victim, Hot Toner Australia, was breached around the same time as Lifeline.
Lifeline, a 24/7 crisis support service, operates through a network of 43 centres across Australia, providing counselling, training, and advocacy. The organisation is working with cybersecurity providers and law enforcement to address the incident.
Melbourne City Mission cybersecurity rating report: https://www.rankiteo.com/company/melbourne-city-mission
Lifeline Australia cybersecurity rating report: https://www.rankiteo.com/company/lifeline-australia
Australian Red Cross cybersecurity rating report: https://www.rankiteo.com/company/australian-red-cross
"id": "MELLIFAUS1783996041",
"linkid": "melbourne-city-mission, lifeline-australia, australian-red-cross",
"type": "Cyber Attack",
"date": "7/2026",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"
{'affected_entities': [{'customers_affected': 'Staff and volunteers (number '
'not specified)',
'industry': 'Healthcare/Mental Health',
'location': 'Australia',
'name': 'Lifeline Australia',
'size': '43 centres across Australia',
'type': 'Charity/Non-Profit'}],
'customer_advisories': 'Notifying affected individuals',
'data_breach': {'data_exfiltration': 'Yes (posted on dark web forum)',
'number_of_records_exposed': 'Over 10,000',
'personally_identifiable_information': 'Yes (names, emails, '
'dates of birth, phone '
'numbers)',
'sensitivity_of_data': 'High (personal and internal data, '
'though some falsified)',
'type_of_data_compromised': ['Staff names',
'Emails',
'Dates of birth',
'Client IDs',
'Phone numbers',
'Other internal data']},
'date_detected': '2026-07-12',
'date_publicly_disclosed': '2026-07-11',
'description': 'Australian suicide-prevention charity Lifeline confirmed a '
"data breach after a hacker known as '2019' posted stolen "
'records on a dark web forum. The threat actor claimed to have '
'obtained over 10,000 records, including staff names, emails, '
'dates of birth, client IDs, phone numbers, and other internal '
'data, some of which was later found to be falsified.',
'impact': {'brand_reputation_impact': 'Potential impact due to breach '
'notification and scam warnings',
'data_compromised': 'Over 10,000 records',
'identity_theft_risk': 'Potential risk for staff due to exposed '
'personal information',
'payment_information_risk': 'None (financial details not '
'compromised)'},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes (posted on dark web '
'forum)'},
'investigation_status': 'Ongoing',
'references': [{'source': 'Cyber Incident Description'}],
'response': {'communication_strategy': 'Notifying affected individuals and '
'warning staff about potential scam '
'activity',
'incident_response_plan_activated': 'Yes',
'law_enforcement_notified': 'Yes',
'third_party_assistance': 'External cybersecurity experts'},
'stakeholder_advisories': 'Warning staff about potential scam activity',
'threat_actor': '2019',
'title': 'Lifeline Australia Data Breach',
'type': 'Data Breach'}