惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

AI
AI
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Google DeepMind News
Google DeepMind News
T
Tenable Blog
博客园_首页
S
Securelist
Spread Privacy
Spread Privacy
Google Online Security Blog
Google Online Security Blog
Forbes - Security
Forbes - Security
Engineering at Meta
Engineering at Meta
U
Unit 42
L
LINUX DO - 热门话题
量子位
T
Threat Research - Cisco Blogs
博客园 - 【当耐特】
C
Cyber Attacks, Cyber Crime and Cyber Security
K
Kaspersky official blog
MyScale Blog
MyScale Blog
P
Proofpoint News Feed
The Last Watchdog
The Last Watchdog
Google DeepMind News
Google DeepMind News
GbyAI
GbyAI
Martin Fowler
Martin Fowler
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Security Latest
Security Latest
Scott Helme
Scott Helme
V
Vulnerabilities – Threatpost
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
I
InfoQ
Know Your Adversary
Know Your Adversary
Cisco Talos Blog
Cisco Talos Blog
The Register - Security
The Register - Security
T
The Blog of Author Tim Ferriss
aimingoo的专栏
aimingoo的专栏
V2EX - 技术
V2EX - 技术
T
Tailwind CSS Blog
月光博客
月光博客
Recent Announcements
Recent Announcements
G
Google Developers Blog
F
Full Disclosure
W
WeLiveSecurity
宝玉的分享
宝玉的分享
腾讯CDC
G
GRAHAM CLULEY
Vercel News
Vercel News
Simon Willison's Weblog
Simon Willison's Weblog
美团技术团队
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Help Net Security
Help Net Security

Cyber Daily News

Real estate giant Cushman & Wakefield confirms cyber incident, Qilin and ShinyHunters claim attack CrowdStrike expands Project QuiltWorks as more partners join AI security coalition Attackers increasingly turning to trusted security tools to compromise Aussie victims Exclusive: Champion Homes confirms customer data compromised in “cyber event” Australia, Japan commit to partnership to meet cyber security challenges & strengthen cyber defences NSW Treasury cyber incident contained, impact no longer ‘significant’ Report: AI-based data incidents on the rise in Australia WA rental scam surge: Tenants targeted with fake $500 discount trap Aussie Information Commissioner launches Privacy Awareness Week 2026 Unregistered branded text messages to be labelled ‘Unverified’ from 1 July US Federal Reserve outlines AI's influence on the finance sector Exclusive: Major Australian jewellery brand confirms cyber incident Australian government establishes new Cyber Incident Review Board Watch this! Komari server monitor tool abused by hackers Act Now! ACSC warns of active exploitation of cPanel & WHM critical vulnerability Exclusive: Kiwi electrical contractor confirms cyber attack Over 1 in 2 firms have AI privacy concerns: Intuit Exclusive: Prime Properties listed as breach victim by M3rx ransomware Anthropic launches dedicated Claude Security platform to public beta DigiCert launches AI Trust architecture to secure agents, models, and content ‘Rebuilding the enterprise’: How CEOs are preparing for automation Op-Ed: Redefining performance in the AI-powered SOC Ukrainian official advocates for artificial intelligence, autonomous drones for battlefield deployment NZ council cyber attack leads to ID and financial data being exposed ‘Building confidence’: The key to effective AI implementation Vect unveiled: Inside an emerging ransomware group’s affiliate network Exclusive: Gelatissimo confirms unauthorised access, investigates DragonForce hack claims US Department of War launches cyber-focused apprenticeship program CrowdStrike launches Project QuiltWorks to tackle skyrocketing AI-discovered vulnerabilities Australian government stands up new ‘tripartite forum’ to tackle AI challenges in the workforce Aussie ice-cream franchise Gelatissimo suffers alleged hack by DragonForce Report: Aussie small businesses doing it tough as job scams double, losses rise Cyber attacks on medical devices pose ‘significant’ impact on real-life patient care Twisted Firestarter! Aussie, US, and UK cyber agencies warn of Cisco malware campaign Generation Life informs customers of “cyber incident” as owner shares incident with ASX CBA launches new scam-finding AI agent Australian Army research paper advocates for Australian national cyber reserve force, volunteer cyber organisations ANZ appoints its first chief AI officer Westpac appoints Chief AI Innovation Officer as part of technology push ADF strengthens skills as Cyber Command marks 2 years of operation Sri Lankan government hack sees $3.7m destined for Australia stolen Outsiders are already accessing Anthropic’s new AI model, but is Claude Mythos really that powerful? CrowdStrike extends cloud threat detection to Google Cloud Hey big spender! Microsoft to invest $25bn in Australian AI infrastructure AI adoption highest for finance and property SMEs, says NAB Genetec marks Sydney milestone with visit by high commissioner of Canada to Australia Rental platform under fire for collecting excessive personal data Exclusive: SA genealogical research firm confirms cyber incident following SafePay ransom claims Q&A: Quantum cryptography will be a “Y2k times 10 problem,” says DigiCert CEO PentenAmio announces acquisition of Armour Communications Exclusive: Aussie passports compromised in alleged Favelle Favco data breach Cutting edge: Anthropic’s Claude Mythos preview is a ‘double-edged sword’, expert says Treasury staffer charged for NSW government data breach Op-Ed: AI won’t patch the holes in your SOC AI is helping young investors get into the property market Australia’s financial regulators are keeping a close eye on Mythos Game on! More than a third of FIFA World Cup 2026 partners expose Aussies to email fraud risk Dark web markets: A complete Aussie identity costs as little as $200 Your next car may be designed by AI Exclusive: NSW-based Strata Republic allegedly breached by Kairos ransomware group Braclays warns that Mythos could prove a problem for larger banks with legacy systems Report: Data collection by school-backed apps in Australia is out of control and a risk to kids Kinetic IT appoints Kishore Jayaram in new chief transformation officer role Anthropic launches Claude Opus 4.7 as researchers reveal fake Claude installer spreading malware Australian Federal Court embraces AI in new practice note FOI docs reveal information commissioner’s concerns over Age Assurance Technology Trial Mortgage fraud now harder to detect thanks to AI McGraw Hill confirms ShinyHunters breach, won’t confirm if any Aussie customers impacted Update now: Active exploitation of Nginx UI vulnerability CVE-2026-33032 underway Op-Ed: Australia inspired the EU’s online age restrictions, now it’s time for us to learn from them National Defence Strategy 2026: Spending on military cyber capability to reach at least $15bn Exclusive: Qld pharmacy chain allegedly breached by Kairos ransomware Anthropic co-founder confirms Trump admin was informed about Mythos AI model European Commission’s new age verification app removes privacy risk of third-party data collection Op-Ed: ASIO has broken its silence on cyber crime, and you should listen Too-hard basket: NIST to scale back CVE updates as vulnerabilities soar OpenAI launches GPT 5.4-Cyber in response to Anthropic Glasswing CHROs must lead the AI transformation, AI CEO says Op-Ed: Microsoft April Patch Tuesday reveals 167 vulnerabilities Kid stuff: Roblox to introduce safety improvements following Aus government warnings ADF joins international military exercise focused on cyber resilience and multi-domain operations The workforces impacted by the ‘AI axe’ OpenAI CEO’s home targeted in attempted drive-by just days after Molotov attack Report: Aussie youth increasingly turning to AI for mental health advice Exclusive: Aussie communications company Mastercom ‘aware’ of INC Ransom claims Booking.com confirms cyber incident, customer reservation data potentially compromised Report: Majority of CISOs not ready for the next big cyber attack Exclusive: Aboriginal community organisation confirms cyber incident following INC Ransom claims AMP to ‘embrace’ AI as tech reshapes banking WASTED! GTA developer Rockstar Games confirms hack as ShinyHunters demands ‘pay or leak’ Exclusive: Gunra ransomware lists Eric Davis Dental as breach victim Op-Ed: Why zero trust for OT should start at the boundary, not the boiler room Exclusive: NSW pharmacy management firm allegedly breached by INC Ransom US Treasury launches intelligence-sharing initiative with crypto companies Citigroup says AI speeds up new account openings Cyber war: Pro-Iranian hackers vow to fight on despite a fragile ceasefire with the US Exclusive: Victorian resort hotel allegedly breached by Space Bears ransomware Game on! Nationwide student competition aims to tackle Australia’s cyber skills gap Exclusive: Anubis ransomware gang claims hack of WA-based Shine Aviation Atlassian’s Confluence gets a dose of AI as standard SaaS loses steam
Exclusive: 2019 claims alleged cyber incident on Melbourne weight-loss clinic
Daniel Croft · 2026-06-19 · via Cyber Daily News

An infamous threat actor has claimed a cyber attack on an Australian weight-loss clinic, claiming to have stolen the data of tens of thousands of patients.

Exclusive: 2019 claims alleged cyber incident on Melbourne weight loss clinic

Based in Victoria, Elina Medical Weight Loss Clinic is a leading weight-loss centre that has worked with over 1,000 patients with weight-loss programs. The clinic forms part of Waverly GP in Glen Waverly, Victoria.

Notorious threat actor 2019 listed the clinic on an infamous hacking forum, claiming to have stolen the data of over 28,000 patients across over 300,000 records.

You’re out of free articles for this month

To continue reading the rest of this article, please log in.

According to the listing, allegedly stolen data includes names, addresses, dates of birth, email addresses, gender, home and mobile numbers, Medicare card details, postcodes, appointment records, including doctors, booking times, reminder status and payment status fields.

In the past, 2019 has both sold data and released it for free, with the latest listing being a one-time sale in exchange for cryptocurrency.

Sample data was also included in the 2019 listing; however, the legitimacy of the data has not been verified.

Responding to Cyber Daily’s request for comment, Elina Medical Weight Loss Clinic said it could confirm an unauthorised user gained access but the incident had been contained and an investigation is underway.

While the investigation is still in its early stages, we can confirm two Elina HotDoc user accounts were logged into by an unknown third party. The incident was quickly contained, with activity limited to these Elina accounts,” the clinic said.

The unknown third party no longer has access and Elina’s broader IT environment remains secure and unaffected.

Our clinic is operating as normal with zero disruption to patient care. Elina is working to verify what specific information within HotDoc has been accessed, so it can inform potentially impacted patients.”

The clinic also addressed the online claims and said that while they may prove concerning for customers, it is making security and its investigation its top priority.

We recommend that our patients remain vigilant against the risk of potential phishing emails or scam calls, which are often the most likely risk associated with unauthorised access to contact information,” the statement said.

We take cyber security seriously and are committed to keeping all our patients updated as we work to respond to this incident.

We are also liaising with the relevant authorities in response to this incident alongside various experts across the cyber security industry.

We would like to assure our patients that we are taking all appropriate steps to remediate this situation as swiftly as possible and have also implemented sophisticated monitoring systems to ensure we are aware of any further developments.

We understand this news may cause concern to our patients and would like to thank them for their ongoing support as we work to resolve this as swiftly as possible.”

Elina Medical Weight Loss Clinic then provided advice for consumers on how to protect themselves from any potential fallout, which includes not sharing personal information unless the recipient is confirmed and trustworthy, remaining vigilant against suspicious activity, keeping passwords up to date and using a password manager, using multi-factor authentication, not responding to suspicious links and phone calls and monitoring bank accounts.

Who is 2019?

Threat actor 2019 has been active on underground hacking forums since early 2026 and has made more than 30 leak posts in that time, with the majority referencing Australian victims such as the Australian Centre for the Moving Image and Services Australia.

While Australian organisations appear to be 2019’s preferred target, they have also listed entities from the United States, the United Arab Emirates, France, and Italy.

Generally, 2019 offers stolen data for free, but in some cases, it is sold online in a one-time sale in return for bitcoin, Ethereum or Monero cryptocurrencies.

Most recently, 2019 reached out to media and other individuals using what appeared to be the noreply email for the Australian Privacy Commission.

The emails, two of which were received by the Cyber Daily team, contained abnormal content with the email sent to this writer having the subject line “:(“ and simply reading “cybercriminals are not terrorists”, as well as a table that featured the words “f--- you”.

2019 was attributed to the incident as the emails also contained a link to what appears to be their user page on a threat forum.

A day later, on 10 June, the Productivity Commission (PC) confirmed the incident, stating it was aware of the issue and had launched an investigation into the matter.

“On 9 June 2026, some members of the public received unsolicited emails from a Productivity Commission email address. Some of these emails contained identifying information that the sender implied had been taken from PC records,” the Productivity Commission said.

“As a result of our initial investigation into this issue, we have determined that an external third party is the source of these emails. During our review, we found no evidence that any of the identifying information used in the emails has come from the PC. The PC website does not store personal data in a way that would expose user emails, and many of the affected individuals have had no prior engagement with the PC.”

The Productivity Commission added that a vulnerability was identified and had now been patched.

Cyber DailyWant to see more stories from trusted news sources?
Make Cyber Daily a preferred news source on Google.

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.