Cyber Incident Victim: Arts and Culture Trust

On July 22, 2022, multiple prominent Western Australian arts organizations disclosed a significant data breach impacting customer information. The affected entities included Perth Festival, Black Swan State Theatre Company, Western Australian Ballet, and Western Australian Opera, all managed under the Arts and Culture Trust umbrella. The breach originated from a compromise of third-party software utilized by these organizations for customer data processing. Customers received direct email notifications from the Arts and Culture Trust on the same day, confirming unauthorized access to their personal information. While the notification confirmed data exposure, specific details regarding the types of compromised data or the number of affected individuals were not publicly disclosed in initial communications. The incident was characterized as a "massive" and "major" breach by media reports, indicating a substantial scope.

The breach impacted several of Western Australia’s largest arts institutions simultaneously due to their shared reliance on the compromised third-party software provider. No further technical specifics regarding the attack vector, duration of unauthorized access, or identity of threat actors were revealed in the immediate disclosure. The Arts and Culture Trust’s primary confirmed response action involved direct customer notification through email, advising them of the exposure. The organizations did not initially disclose whether law enforcement was engaged or if additional forensic investigations were underway. Customer personal information remained confirmed as exposed, though the absence of detailed public statements left the full extent of operational, financial, or reputational consequences unclear at the time of initial reporting.