This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

United Australia Party

Summary

The United Australia Party and Trumpets of Patriots, political parties led by Clive Palmer, suffered a ransomware attack on 23 June 2025. The breach potentially exposed all historical emails, attachments, and electronic documents held by the parties, affecting an estimated 80,000 members and affiliates. The party controversially stated it would not directly contact affected individuals and admitted it could not comprehensively determine what data was compromised.

What Happened

On 23 June 2025, the United Australia Party and Trumpets of Patriots were targeted in a ransomware cyber attack. The breach potentially compromised all emails to and from the political parties including attachments, and documents and records created or held electronically at any time in the past. No ransomware operator had publicly claimed responsibility for the attack at the time of disclosure. The parties claimed to have notified the Office of the Australian Information Commissioner and the Australian Signals Directorate, though Australia's privacy commissioner later disputed this claim, stating the parties had not reported the breach to her office.

Impact on Individuals

The breach potentially affects up to 80,000 party members and affiliates. Compromised data potentially includes email addresses, phone numbers, identity records, banking records, employment history, and documents provided subject to confidentiality arrangements. The United Australia Party admitted it cannot "know comprehensively" what data was impacted and controversially placed the burden on party members and affiliates to discover what personal data may have been compromised rather than conducting individual notifications.

Organisational Response

The United Australia Party publicly disclosed the breach and stated it had notified the Office of the Australian Information Commissioner and the Australian Signals Directorate. However, the party stated it would not be directly contacting those involved in the data breach and could not comprehensively determine what data was affected. This approach drew criticism, with Australia's privacy commissioner later disputing that the parties had properly reported the breach to her office despite their public claims.

Verification Source: View original statement