A threat actor has published 3 separate alleged data sale listings targeting Australian organizations, claiming to possess customer databases belonging to Melbourne International Film Festival (MIFF), R.I.C. Publications, and Silver Rose.
The claims have not been independently verified, and it remains unclear whether the datasets originate from recent compromises, older breaches, third party providers, or previously exposed data.
Three Australian organizations appear in separate listings
The largest alleged dataset involves Melbourne International Film Festival (MIFF), where the actor claims to possess more than 340,000 customer records.
According to the listing, the purported database contains customer names, company information, email addresses, phone numbers, physical addresses, booking totals, registration dates, membership information, and purchase history data.
A second listing targets Silver Rose, an Australian provider of graduation services, academic gown hire, photography, event registration solutions, certificate frames, and graduation merchandise. The actor claims the database contains more than 150,000 customer records.
The alleged Silver Rose dataset reportedly includes order numbers, customer names, email addresses, mobile numbers, delivery addresses, graduation-related purchase information, transaction amounts, and payment card metadata.
The third listing names R.I.C. Publications, an Australian educational publishing company that develops classroom resources, lesson plans, workbooks, and digital learning materials. According to the actor, the database contains more than 116,000 customer records.
The purported R.I.C. Publications dataset allegedly includes customer names, email addresses, telephone numbers, physical addresses, school names, order information, payment details, and IP address data.
Claims total more than 600,000 records
Across the 3 listings, the threat actor claims the datasets contain more than 606,000 customer records.
The posts include field descriptions and sample references intended to support the claims, while the actor advertises the databases for sale in exchange for cryptocurrency.
The same threat actor was previously linked to an alleged data sale involving restaurant technology provider HungerRush. BreachNews previously reported on the alleged 26.8 million-record HungerRush customer database sale.
While the actor provided sample data references and detailed field descriptions for each listing, there is currently no public evidence confirming the authenticity of the datasets or whether any of the named organizations experienced a cybersecurity incident.
Verification remains outstanding
If authentic, the alleged datasets could expose customer contact information, purchase histories, membership records, educational purchasing information, and other personal data that could be leveraged in phishing, fraud, or social engineering campaigns.
However, threat actor claims alone should not be treated as confirmation of a breach.
Melbourne International Film Festival, R.I.C. Publications, and Silver Rose had not issued any public statements regarding the alleged incidents at time of publication.
BreachNews will continue monitoring for company responses, regulatory disclosures, or additional evidence that may help verify the claims.
