Centrelink Data Allegedly Leaked on Cybercrime Forum
A threat actor known as 2019 listed sensitive Centrelink data for sale on a cybercrime forum, as uncovered by threat researcher Dark Web Informer. The leaked records appear to originate from Centrelink’s Advice of Death form, which is used to report deaths and adjust payments for surviving family members.
The compromised data includes highly personal details of over 2,100 deceased individuals, such as:
- Full names, dates of birth and death
- Medicare and Centrelink reference numbers
- Home and hospital addresses
- Next-of-kin details (names, phone numbers, addresses)
- Aboriginal/Torres Strait Islander status
- Funeral director and estate executor information
- Signatures and declaration dates of notifiers
Instead of demanding a ransom, the threat actor is offering the data for a one-time sale, accepting cryptocurrencies (Bitcoin, Ethereum, or Monero).
Services Australia, the agency overseeing Centrelink, denied any breach of its systems, stating: “Our platforms and systems remain secure and have not been compromised.” The agency acknowledged monitoring dark web activity and suggested the data may have been exposed through a third-party compromise. It is working with the Australian Cyber Security Centre and other authorities to assess risks and implement additional security measures for affected individuals.
Source: https://www.cyberdaily.au/security/13709-exclusive-centrelink-denies-hacker-claims-of-cyber-attack
Services Australia cybersecurity rating report: https://www.rankiteo.com/company/services-australia
"id": "SER1780648898",
"linkid": "services-australia",
"type": "Breach",
"date": "1/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '2,100 deceased individuals and '
'their next-of-kin',
'industry': 'Social Services',
'location': 'Australia',
'name': 'Centrelink (Services Australia)',
'type': 'Government Agency'}],
'customer_advisories': 'Services Australia is working with authorities to '
'assess risks and implement additional security '
'measures for affected individuals.',
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '2,100',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'Highly sensitive personal and '
'financial information',
'type_of_data_compromised': ['Full names',
'Dates of birth and death',
'Medicare and Centrelink '
'reference numbers',
'Home and hospital addresses',
'Next-of-kin details (names, '
'phone numbers, addresses)',
'Aboriginal/Torres Strait '
'Islander status',
'Funeral director and estate '
'executor information',
'Signatures and declaration '
'dates of notifiers']},
'description': 'A threat actor known as *2019* listed sensitive Centrelink '
'data for sale on a cybercrime forum. The leaked records '
'appear to originate from Centrelink’s *Advice of Death* form, '
'which is used to report deaths and adjust payments for '
'surviving family members. The compromised data includes '
'highly personal details of over 2,100 deceased individuals.',
'impact': {'brand_reputation_impact': 'Potential reputational damage to '
'Services Australia',
'data_compromised': 'Personal details of over 2,100 deceased '
'individuals',
'identity_theft_risk': 'High risk for next-of-kin and affected '
'individuals'},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes'},
'investigation_status': 'Ongoing',
'motivation': 'Financial Gain',
'post_incident_analysis': {'root_causes': 'Suspected third-party compromise'},
'references': [{'source': 'Dark Web Informer (threat researcher)'}],
'response': {'communication_strategy': 'Public statement denying breach but '
'acknowledging monitoring of dark web '
'activity',
'remediation_measures': 'Additional security measures for '
'affected individuals',
'third_party_assistance': 'Australian Cyber Security Centre'},
'threat_actor': '2019',
'title': 'Centrelink Data Allegedly Leaked on Cybercrime Forum',
'type': 'Data Breach'}