What happened
In early 2024 the records-management supplier ZircoDATA was breached, with the incident surfaced by Australia’s National Cyber Security Coordinator [zd-cd]. Data belonging to downstream clients was exposed — including identity and visa data from a Home Affairs translating service, and decades-old family-violence and sexual-assault support records held for Monash Health [zd-cd], [zd-cd2].
Current status
Disclosed. As a supplier incident the exposure spans many clients; no single count of affected individuals has been published, so none is asserted here.
Why it matters
A records-management vendor concentrates other organisations’ most sensitive archives; one breach can expose government and health data across unrelated clients at once.