https://www.abc.net.au/news/2025-03-27/data-16000-nine-newspapers-readers-breach/105105692
A cybersecurity breach has exposed the personal data of thousands of subscribers to Nine newspapers, including the Sydney Morning Herald, The Age and The Australian Financial Review.
Approximately 16,000 print subscribers had their names, postal addresses and email addresses left exposed online following what the company described as “an unauthorised change” to a third-party supplier that had access to subscriber details. Nine emphasized that payment details and passwords were not affected in the breach.
Nine was first alerted to the data exposure by a security researcher who discovered that subscriber information held by the third-party supplier was not protected according to Nine’s internal data protocols. The company stated that there was no breach of its internal technology infrastructure and that the exposed data is no longer visible online.
“While there has been no breach of Nine’s internal technology infrastructure, Nine treated this matter seriously and worked with the third party to resolve the issue,” a spokesperson for the company said. “The customer personal information that was held by the provider was limited to name, postal address and/or email address.”
Nine is currently in the process of contacting all impacted subscribers, though security experts warn that the exposed information could put thousands of users at risk of targeted cyber attacks.
This marks the second major cybersecurity incident reported in Australia within days, following a separate breach where 9,000 sensitive court files were downloaded from the NSW Courts online registry last week.