Back

Data Breach at Film Festival Exposes Personal Information of 26,782 Customers

Severity: Medium (Score: 54.8)

Sources: Ia.Acs.Au, Theage.Au, Abc.Au

Published: 2026-06-01 · Updated: 2026-06-01

Keywords: film, festival, hack, information, melbourne, exposed, personal

Summary

The Melbourne International Film Festival (MIFF) is investigating a data breach affecting over 26,000 customers due to a hack of its third-party ticketing provider, Ferve Tickets. The breach, confirmed on June 1, 2026, allowed unauthorized access to names, email addresses, phone numbers, and residential addresses, but not payment card details. MIFF became aware of the incident on May 29, 2026, and took immediate action to contain the breach. However, a subsequent hack on May 30 led to some customers receiving odd messages from MIFF's official channels. Ferve Tickets stated that there was no evidence of vulnerabilities in their systems, and MIFF has advised affected customers to be cautious of suspicious communications. The total number of exposed records represents approximately 10% of MIFF's customer database. Investigations are ongoing, and MIFF has contacted affected customers with information about the incident. Key Points: • 26,782 customer records exposed in MIFF data breach due to a hack of Ferve Tickets. • No complete payment card details were compromised; only personal information was accessed. • Customers received strange messages from MIFF's official channels after the breach.

Detailed Analysis

**Impact** 26,782 customers of the Melbourne International Film Festival (MIFF), representing approximately 10% of its total customer database, had their personal information exposed. Data compromised includes names, email addresses, phone numbers, and residential addresses. No payment card details or account passwords were accessed. The breach affects individuals primarily in Australia and poses risks of identity theft and social engineering. Operationally, MIFF faced unauthorized messaging sent through official channels, causing reputational damage and customer concern. **Technical Details** The attack involved unauthorized access to a third-party ticketing platform, Ferve Tickets, used by MIFF to manage customer data. Initial access occurred before Friday, with a subsequent unauthorized access on Saturday allowing the attacker to send emails and SMS messages via MIFF’s official communication systems. No specific malware, CVEs, or tools were identified in the reports. Containment actions included suspending administrator access, blocking malicious IP addresses, and disabling affected logins. Indicators of compromise include suspicious emails and SMS messages containing nonsensical content or emoticons sent through legitimate MIFF channels. **Recommended Response** Defenders should monitor for unusual login activity and unauthorized use of messaging systems within ticketing platforms and related third-party services. Block IP addresses associated with the incident and enforce multi-factor authentication for administrative access. Customers should be warned to avoid clicking on suspicious links or providing personal information in unsolicited communications. Continue collaboration with cybersecurity authorities and third-party vendors to identify further indicators and strengthen system access controls.

Source articles (3)

  • Film festival customer data exposed in hack of third-party ticketing platform — Theage.Au · 2026-06-01
    Melbourne International Film Festival organisers are investigating how the personal information of more than 26,000 customers was exposed by a hack of a ticket seller. Festival organisers on Monday wa…
  • Film festival hack leaves thousands fearing identity theft | Information Age — Ia.Acs.Au · 2026-06-01
    Melbourne’s most popular annual film festival has suffered a security incident impacting the personal information of nearly 27,000 filmgoers. On Sunday night, attendees of Melbourne International Film…
  • Melbourne International Film Festival customers' data leaked via Ferve platform — Abc.Au · 2026-06-01
    More than 26,000 Melbourne International Film Festival customers may have been caught up in a data breach of the event's ticketing platform. The festival became aware of the issue on Friday, May 29. A…

Timeline

  • 2026-05-29 — MIFF becomes aware of data breach: MIFF learned of the unauthorized access to customer data through Ferve Tickets and began containment efforts.
  • 2026-05-30 — Second hack leads to odd messages sent: A follow-up incident allowed unauthorized messages to be sent from MIFF's official communication channels, including strange texts and emails.
  • 2026-06-01 — Ferve confirms hack and ongoing investigation: Ferve Tickets confirmed the breach and stated they are working with MIFF and authorities to assess the situation.

Related entities

  • Data Breach (Attack Type)
  • Ferve Tickets (Company)
  • Melbourne International Film Festival (Company)
  • CWE-200 - Exposure of Sensitive Information (Cwe)
  • idcare.org (Domain)
  • T1041 - Exfiltration Over C2 Channel (Mitre Attack)
  • Ferve (Platform)
  • Ferve Platform (Platform)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed