Australian Retail Threat Report · 2026
Before It's Your Breach
A leadership guide to the cyber threats reshaping Australian Retail.
Four real breaches. Australia’s most recognised retail brands. Every one of them preventable – and dissected, control by control, in this report.
Each one could have been stopped
This report dissects exactly what happened — then re-examines each breach against the architecture that would have contained it.
01
Real Incident Analysis
Sydney Tools, Total Tools, Stan Cash, The Iconic, and Dan Murphy's. Every breach dissected with timelines, attack vectors, and the specific controls that were missing.
02
Regulatory exposure mapped
Privacy Act reform, mandatory ransomware reporting now in force, PCI DSS 4.0 active, and OAIC breach notifications at their highest level ever.
03
What would have changed
Each breach re-examined against the architecture that would have contained it. No ambiguity. No abstraction. No hypotheticals.
Incident Ledger
Four breaches. One pattern.
None of these took sophistication. An open database. An unguarded checkout. Recycled passwords. A trusted vendor. Each was avoidable — and together they map exactly where Australian retail is being hit.
Orders Exposed
Cards Compromised
Accounts Drained
Ransom Deadline