---
title: "A School. A Court. A Toy Shop. What Do These Organisations Have in Common?"
description: "A school. A court. A toy shop. A resort hotel. What do they have in common? Insicon Cyber unpacks the cyber incidents hitting ANZ orgs in 2026 — and why no sector, size, or geography is off the target list."
type: blog
version: 2
version_id: "e693a43f-14fb-446e-b50e-9e5269244e22"
generated_at: "2026-04-14T23:23:32.820Z"
author: "Insicon Cyber"
date_published: "2026-04-13T01:15:00.000Z"
date_modified: "2026-04-14T23:21:12.995Z"
language: en
reading_time: "9 min"
word_count: 1793
keywords: ["We have a question for you.", "Now look at that list again."]
url: "https://insiconcyber.com/blog/what-do-these-organisations-have-in-common"
---

# A School. A Court. A Toy Shop. What Do These Organisations Have in Common?

> A school. A court. A toy shop. A resort hotel. What do they have in common? Insicon Cyber unpacks the cyber incidents hitting ANZ orgs in 2026 — and why no sector, size, or geography is off the target list.

## Key Takeaways

- We have a question for you.
- The organisations targeted in 2026 (so far)
- Now look at that list again.
- Why this matters... And Should Matter More
- There is no safe harbour in obscurity

## Contents

- [We have a question for you.](#we-have-a-question-for-you)
- [The organisations targeted in 2026 (so far)](#the-organisations-targeted-in-2026-so-far)
- [Now look at that list again.](#now-look-at-that-list-again)
- [Why this matters... And Should Matter More](#why-this-matters-and-should-matter-more)
- [There is no safe harbour in obscurity](#there-is-no-safe-harbour-in-obscurity)
- [What we ask of boards and executive teams](#what-we-ask-of-boards-and-executive-teams)

5 min read

# A School. A Court. A Toy Shop. What Do These Organisations Have in Common?

 [Insicon Cyber](https://insiconcyber.com/blog/author/insicon-cyber) : Updated on April 14, 2026

[Cyber Security](https://insiconcyber.com/blog/tag/cyber-security) [Governance](https://insiconcyber.com/blog/tag/governance) [Insicon Cyber](https://insiconcyber.com/blog/tag/insicon-cyber)

Play

A School. A Court. A Toy Shop. What Do These Organisations Have in Common?

AI-generated audio

10:43

## We have a question for you.

Read this list carefully. Think about what connects these organisations.

1,700 Victorian government schools. Australian state and federal courts across five jurisdictions. A New Zealand medication management platform serving aged-care residents. A children's toy retailer with dozens of stores across Australia and New Zealand. A resort hotel and conference venue on Victoria's Mornington Peninsula. A global medical technology company.

Take your time.

Ready?

> There is no connection. That's the point.

## The organisations targeted in 2026 (so far)

Every incident below is drawn from publicly reported events in the first four months of 2026.

In January 2026, a cyber attack impacted all 1,700 Victorian government schools, with student data accessed by an unauthorised third party. The Victorian government confirmed it was working with cyber experts and other government agencies to respond, stating there was no evidence the data had been released publicly or shared with other third parties. Source: Cyber Daily, January 2026.

In February 2026, a significant security incident exposed highly sensitive Australian court data. Canadian transcription firm VIQ Solutions admitted it had subcontracted court recording work to an Indian technology firm, resulting in the exposure of confidential court files across courts in NSW, Victoria, Queensland, Western Australia, and South Australia. An investigation by ABC News broke the story in mid-February, and VIQ subsequently acknowledged the incidents were reasonably likely to have a material financial impact on the company.

In February 2026, MediMap, a New Zealand medication management platform serving aged-care, hospice, disability and medical facilities, was the target of a cyber attack. Patient records were altered. Some elderly residents were incorrectly marked as deceased. Nurses could not confirm which medications to administer, and facilities reverted to paper-based systems while the platform was restored. Health New Zealand activated its Cyber Incident Management Team in response. Source: Cyber Daily, March 2026.

In March 2026, children's toy retailer Charlie Bears, which operates dozens of stores across Australia and New Zealand, was listed as a victim by the LockBit ransomware operation on its darknet leak site. After the publication deadline passed, LockBit subsequently released the alleged breach data.

In March 2026, global medical technology company Stryker was targeted by the Iran-linked Handala hacking group, which claimed to have wiped 12 petabytes of company data.

In April 2026, Brooklands of Mornington, a resort-style hotel and conference venue on Victoria's Mornington Peninsula, was listed on the Space Bears ransomware group's dark web leak site. The group claimed to have stolen personal data belonging to guests and staff, as well as financial documents.

## Now look at that list again.

State government education. The justice system. Aged-care software. Children's toy retail. Global medical devices. A regional hospitality venue.

Public and private. Large and small. Australian and New Zealand. Community-serving and commercial. Critical infrastructure and high street retail. Nation-state actors and opportunistic criminal gangs.

> There is no sector in common. No size threshold that confers immunity. No ownership structure that provides protection. No geography within Australia and New Zealand that sits outside the crosshairs. These organisations share almost nothing in terms of what they do, where they operate, or who they serve.

The only thing they share is this: they were targeted; or was it because they were vulnerable...

## Why this matters... And Should Matter More 

The comfortable assumption is that attackers come looking for someone else. Someone in banking. Someone with patient records on a large scale. Someone bigger, richer, more strategically interesting.

That assumption is not just wrong. The incidents above demolish it completely.

The ASD Annual Cyber Threat Report 2024-25 is clear that cybercriminals target Australian organisations for financial gain through the theft of data or the disruption of services to elicit payment, while state-sponsored actors conduct operations for espionage, interference and pre-positioning for disruptive effects. Neither category discriminates by sector, size, or geography. Source: ASD, cyber.gov.au.

In March 2026, the Australian Cyber Security Centre issued a formal advisory outlining the activity of ransomware group INC Ransom and the threat their operations currently pose to networks in Australia, New Zealand, and the Pacific island states, specifically calling out small and medium businesses as an audience focus.

> The toy retailer. The regional resort. The dental clinic. None of them feature in anyone's threat model as a high-value target. That is precisely what makes them attractive. Understaffed IT teams, limited security tooling, no dedicated incident response capability. Opportunity, not strategic interest, drives most attacks in 2026.

Modern attacker toolkits, automation, and AI have lowered the skill barrier and accelerated reconnaissance, meaning adversaries can now uncover misconfigurations and identity gaps in complex enterprise environments faster than defenders can close them. If that is true for enterprise environments, consider what it means for organisations operating without a dedicated security function.

The court data incident is the one that should sharpen executive attention most. VIQ Solutions was not hacked in the traditional sense. It offshored work to a subcontractor. A supply chain decision, not a technical failure, exposed confidential court files across five Australian jurisdictions. The courts themselves held no liability for the vendor's governance failure. But the damage was done. Since May 2025, entities with annual turnover of at least $3 million must notify the ASD within 72 hours if they make a ransomware payment, and under the Notifiable Data Breaches scheme organisations must assess whether a breach is likely to result in serious harm and, if so, notify both the Office of the Australian Information Commissioner and affected individuals. The regulatory exposure now follows the incident, regardless of where the failure originated.

## There is no safe harbour in obscurity

Attackers do not research your sector before they probe your network. They test credentials, scan for unpatched systems, probe supply chain entry points, and sell access to whoever will pay for it. The school system, the aged-care platform, the resort hotel. Each was targeted not because of what they were, but because of what they had and what gaps existed.

The pattern across Australia and New Zealand in 2026 is not a pattern at all. It is noise. Random, indiscriminate, relentless noise. And that is the most important thing any board can understand about the current threat environment.

## What we ask of boards and executive teams

We are not asking you to assume breach and live in paralysis. We are asking you to retire one specific assumption: that your organisation is not interesting enough to be targeted.

> Every organisation in Australia and New Zealand that holds data, processes payments, manages staff, or provides services is a target. Full stop. The question your board should be asking is not whether you are a target. It is whether you have the visibility, the controls, the vendor governance, and the response capability to make an attack survivable.

Governance is the starting point. Not a firewall purchase. Not a compliance checkbox. Governance. Understand your risk. Know your critical assets and your critical suppliers. Test your response plan before you need it. Ensure your board has access to independent, expert advice that carries no conflict of interest.

At Insicon Cyber we work alongside boards and executive teams across Australia and New Zealand, helping organisations build security postures that are proportionate, practical, and defensible. Not theory. Operational reality, grounded in what is actually happening across the threat landscape right now.

The organisations in this post did not choose to become case studies. They became them because the threat landscape does not wait for anyone to be ready.

We can help you be ready.

[Contact Insicon Cyber](https://cta-ap1.hubspot.com/web-interactives/public/v1/track/click?encryptedPayload=AVxigLLkQk3hGJxf%2FqON%2B%2FrI9rEzX7d9yiigIcXm%2BsKOlDN5jXA%2FOcxwRXoWGBU5qLIOKd8f0BgfRkm1gogHVxPpenTZNKl5nbmpTxzHT9ts3TBpl3c3tzKdJp4CblOnUIeXI%2BC%2BUtImgpi4CKyQimduEy2TEwHVddaNaDo3PmlR3KY6V5y%2B&portalId=22526539)

* * *

**Sources**

Cyber Daily (January 2026): [https://www.cyberdaily.au/security/13095-all-1-700-victorian-government-schools-caught-up-in-cyber-attack-student-data-accessed](https://www.cyberdaily.au/security/13095-all-1-700-victorian-government-schools-caught-up-in-cyber-attack-student-data-accessed)

ABC News / Cyber News Centre (February 2026): [https://www.cybernewscentre.com/22nd-february-2026-cyber-update-australian-court-data-exposed-in-major-third-party-breach-2/](https://www.cybernewscentre.com/22nd-february-2026-cyber-update-australian-court-data-exposed-in-major-third-party-breach-2/)

Cyber Daily (March 2026): [https://www.cyberdaily.au/security/13334-are-we-charlie-kirk-nz-medical-service-hacked-to-change-patient-names-and-living-status](https://www.cyberdaily.au/security/13334-are-we-charlie-kirk-nz-medical-service-hacked-to-change-patient-names-and-living-status)

Cyber Daily (April 2026): htt[ps://www.cyberdaily.au/security/13412-exclusive-cuddly-toy-maker-charlie-bears-allegedly-hacke](ps://www.cyberdaily.au/security/13412-exclusive-cuddly-toy-maker-charlie-bears-allegedly-hacke)d

Cyber Daily (March 2026): [https://www.cyberdaily.au/security/13337-update-stryker-hackers-claim-to-have-wiped-12-petabytes-of-company-da](https://www.cyberdaily.au/security/13337-update-stryker-hackers-claim-to-have-wiped-12-petabytes-of-company-da)ta

Cyber Daily (April 2026): [https://www.cyberdaily.au/security/13440-exclusive-victorian-resort-hotel-allegedly-breached-by-space-bears-ransomware](https://www.cyberdaily.au/security/13440-exclusive-victorian-resort-hotel-allegedly-breached-by-space-bears-ransomware)

ASD Annual Cyber Threat Report 2024-25: [https://www.cyber.gov.au/about-us/view-all-content/reports-and-statistics/annual-cyber-threat-report-2024-2025](https://www.cyber.gov.au/about-us/view-all-content/reports-and-statistics/annual-cyber-threat-report-2024-2025)

ACSC Alerts and Advisories (March 2026): [https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/inc-ransom-affiliate-model-enabling-targeting-of-critical-networks](https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/inc-ransom-affiliate-model-enabling-targeting-of-critical-networks)

Insurance Business Australia (February 2026): [https://www.insurancebusinessmag.com/au/news/cyber/qilin-ransomware-activity-adds-pressure-on-australian-insurers-566534.aspx](https://www.insurancebusinessmag.com/au/news/cyber/qilin-ransomware-activity-adds-pressure-on-australian-insurers-566534.aspx)

Interactive Australia (December 2025): [https://www.interactive.com.au/insights/2025-in-cyber-the-threats-that-changed-the-landscape-and-how-to-stop-them-in-2026/](https://www.interactive.com.au/insights/2025-in-cyber-the-threats-that-changed-the-landscape-and-how-to-stop-them-in-2026/) 

[](https://insiconcyber.com/blog/what-do-these-organisations-have-in-common)

#### [A School. A Court. A Toy Shop. What Do These Organisations Have in Common?](https://insiconcyber.com/blog/what-do-these-organisations-have-in-common)

 [Insicon Cyber](https://insiconcyber.com/blog/author/insicon-cyber): 13/04/26 11:15 AM

We have a question for you. Read this list carefully. Think about what connects these organisations. 1,700 Victorian government schools. Australian...

[Cyber Security](https://insiconcyber.com/blog/tag/cyber-security) [Governance](https://insiconcyber.com/blog/tag/governance) [Insicon Cyber](https://insiconcyber.com/blog/tag/insicon-cyber)

[Read More](https://insiconcyber.com/blog/what-do-these-organisations-have-in-common)

[](https://insiconcyber.com/blog/acsc-code-repository-attack-advisory-australia-new-zealand)

#### [Australia's Code Repositories Are Under Active Attack.](https://insiconcyber.com/blog/acsc-code-repository-attack-advisory-australia-new-zealand)

 [Insicon Cyber](https://insiconcyber.com/blog/author/insicon-cyber): 7/04/26 12:33 PM

The Second Warning in Five Months Should Settle ANY Debate. The Australian Signals Directorate's Australian Cyber Security Centre issued its first...

[Cyber Security](https://insiconcyber.com/blog/tag/cyber-security) [Governance](https://insiconcyber.com/blog/tag/governance) [Essential Eight](https://insiconcyber.com/blog/tag/essential-eight) [AI](https://insiconcyber.com/blog/tag/ai) [Insicon Cyber](https://insiconcyber.com/blog/tag/insicon-cyber)

[Read More](https://insiconcyber.com/blog/acsc-code-repository-attack-advisory-australia-new-zealand)

[](https://insiconcyber.com/blog/payroll-cyber-risk-payment-redirection-australia-2026)

#### [Your Payroll System Is a Cyber Target: What ANZ Boards Need to Know](https://insiconcyber.com/blog/payroll-cyber-risk-payment-redirection-australia-2026)

 [Insicon Cyber](https://insiconcyber.com/blog/author/insicon-cyber): 31/03/26 11:14 AM

Australia lost $2.18 billion to scams in 2025. That figure, published by the Australian Competition and Consumer Commission (ACCC) in its Targeting...

[Cyber Security](https://insiconcyber.com/blog/tag/cyber-security) [Governance](https://insiconcyber.com/blog/tag/governance) [Insicon Cyber](https://insiconcyber.com/blog/tag/insicon-cyber)

[Read More](https://insiconcyber.com/blog/payroll-cyber-risk-payment-redirection-australia-2026)

[](https://insiconcyber.com/blog/2026-cyber-security-predictions)

1 min read

#### [Cyber Security Predictions for 2026](https://insiconcyber.com/blog/2026-cyber-security-predictions)

 [Insicon Cyber](https://insiconcyber.com/blog/author/insicon-cyber) : 15/12/25 12:46 PM

When we speak with Australian and New Zealand CEOs about cyber security today, the conversation has fundamentally shifted. We're no longer discussing...

[Cyber Security](https://insiconcyber.com/blog/tag/cyber-security) [Governance](https://insiconcyber.com/blog/tag/governance) [Essential Eight](https://insiconcyber.com/blog/tag/essential-eight) [Insicon Cyber](https://insiconcyber.com/blog/tag/insicon-cyber)

[Read More](https://insiconcyber.com/blog/2026-cyber-security-predictions)

[](https://insiconcyber.com/blog/from-compliance-to-resilience)

1 min read

#### [From Compliance to Resilience: Future-Proofing Businesses Across Australia and New Zealand](https://insiconcyber.com/blog/from-compliance-to-resilience)

 [Insicon Cyber](https://insiconcyber.com/blog/author/insicon-cyber) : 21/10/25 10:37 AM

As Cyber Security Awareness Month in Australia and Cyber Smart Week in New Zealand progress, businesses across both nations face a critical question:

[Cyber Security](https://insiconcyber.com/blog/tag/cyber-security) [ISO 27001](https://insiconcyber.com/blog/tag/iso-27001) [Governance](https://insiconcyber.com/blog/tag/governance) [Insicon Cyber](https://insiconcyber.com/blog/tag/insicon-cyber)

[Read More](https://insiconcyber.com/blog/from-compliance-to-resilience)

[](https://insiconcyber.com/blog/healthcare-under-siege)

1 min read

#### [Healthcare Under Siege: Why Managed Security Services Are Essential Against Growing Cyber Threats](https://insiconcyber.com/blog/healthcare-under-siege)

 [Insicon Cyber](https://insiconcyber.com/blog/author/insicon-cyber) : 30/06/25 12:58 PM

The cyber threat landscape for healthcare continues to deteriorate, with the Data Breach Notification of the 2024 attack on McLaren Health Care...

[Cyber Security](https://insiconcyber.com/blog/tag/cyber-security)

[Read More](https://insiconcyber.com/blog/healthcare-under-siege)

---

## About This Content

**Source:** [A School. A Court. A Toy Shop. What Do These Organisations Have in Common?](https://insiconcyber.com/blog/what-do-these-organisations-have-in-common)
**Author:** Insicon Cyber
**Published:** April 13, 2026

*This content is provided for informational purposes. Please visit the original source for the most up-to-date information.*