$5.8 Million Fine. No Multi-Factor Auth. No Excuse.

Estimated Exposure: 223,000 patients. $5.8 million penalty.

What Happened: Australian Clinical Labs got breached in 2022. Hackers walked through the front door — no multi-factor authentication, firewall logs kept for only one hour, no proper incident response plan. 223,000 patient health records stolen. Medication histories that reveal mental illness, fertility treatment, gender transition. All posted for sale on the dark web. The Federal Court didn’t just fine them — they broke it down: $4.2 million for not securing data. $800,000 for not investigating. $800,000 for not reporting it fast enough. First civil penalty ever imposed under the Privacy Act. The court said they “failed to act with sufficient care and diligence.”

Message: Australian regulators: ignorance is not a defence. Negligence has a price tag.

Source: Federal Court of Australia [2025] FCA 1224, OAIC prosecution

What Happened: $235,400 Gone — Victim Found Legally Liable – Legal Precedent, WA

Explore More Case Studies

$235,400 Gone — And the Victim Got the Blame. WA Court.

Estimated Exposure: $235,400 stolen. Only $43,000 recovered. Victim ordered to pay.

What Happened: Mobius Group sent a legitimate invoice to Inoteq — a WA resources company. Hackers intercepted the email chain and sent a near-identical invoice with different bank details. Inoteq paid $235,400 to the wrong account. Standard BEC attack. Happens every day. But heres the precedent: when Mobius sued, the WA District Court found that INOTEQ — the victim who got scammed — was partly liable. The court said they should have verified the payment details. First major Australian court ruling on BEC liability. The business that got defrauded was ordered to pay back the money.

The Message: “I didnt know” is no longer a defence in Western Australia. The courts have ruled. If you dont take reasonable steps to verify and protect, the liability lands on you — even when youre the victim.

Source: [2024] WADC 114, HWL Ebsworth Legal Analysis

What Happened: BEC invoice fraud. $235,400 stolen, only $43K recovered. WA District Court ruled the VICTIM was legally liable.

View Case Study

106 GB of Employee Data — Published. Perth Company.

Estimated Exposure: 106+ GB corporate and employee data exfiltrated and published on the dark web.

What Happened: Pressure Dynamics International — a WA-based hydraulics and industrial company servicing oil, gas, offshore, and defence — got hit by DragonForce ransomware in 2025. The attackers didnt just encrypt. They exfiltrated over 106 gigabytes of corporate and employee data before locking the systems. Then they published it. Employee records. Corporate documents. Client details. All of it — available to anyone who knows where to look. This is the kind of business Perth tradies work around every day. Supplying rigs, maintaining equipment, servicing the industries that keep WA running. If they can get hit, your business is not too small to be a target.

The Message: Automated scanners dont care what industry youre in. They scan every IP, every domain, every exposed service. If your website or systems have a known vulnerability, youre on the list. The only question is when.

Source: Cyber Daily Exclusive, 2025

What Happened: DragonForce ransomware hit a WA industrial company. 106+ GB exfiltrated and published.

View Case Study

Get Certified Before
You're the Next Headline

Dummy text

Start My Protection Now