19 May Security Report – 15 May 2026
Phishing continues to be the most common and successful cyberattack method, with a large proportion of organisations expecting to be targeted. Attackers are increasingly focusing on exploiting human behaviour rather than technical weaknesses, as employees remain the easiest entry point into an organisation. Industry data shows that human behaviour is involved in the majority of breaches (around 68%), highlighting that user actions, such as clicking malicious links or disclosing credentials, are a primary risk factor.
The impact of these attacks is significant, both financially and operationally. The average global cost of a data breach is now approximately $4.44 million, with additional consequences including business disruption, downtime, reputational damage, and regulatory exposure. Despite ongoing security awareness programs, many employees still struggle to identify phishing attempts, and studies show that only a minority can consistently recognise suspicious emails. This makes ongoing training and user awareness a critical component of any cybersecurity strategy.
At the same time, organisations are increasingly adopting AI-driven tools to improve email security, threat detection, and response capabilities. While AI can significantly enhance speed and accuracy in identifying threats, many businesses remain cautious and continue to rely on human oversight to validate decisions and manage risk. The cybersecurity landscape is becoming more complex, and although budgets are rising—particularly towards AI and advanced security solutions—organisations still face ongoing challenges, including skills shortages, evolving attack methods, and the need to balance technology with strong governance and user education.
Recent Breaches
Australia – Kingborough Council – Government & Public Sector
Exploit: Misconfiguration
Risk to Business: Moderate
Kingborough Council, a local government body in Tasmania, disclosed a cyber incident that temporarily made property owners’ and occupiers’ names and addresses accessible online. On April 30, the exposure occurred due to a misconfiguration caused by human error, which made personal data publicly accessible. The council launched an investigation the same day and quickly restricted access to the information. It confirmed that no internal systems were compromised and there is no evidence that the data was altered or extracted. Since the data was accessible via a public link rather than user-specific accounts, it remains unclear whether anyone accessed the information or how many individuals may have been affected.
United States – Vimeo – Media, Sports & Entertainment
Exploit: Ransomware & Malware
Risk to Business: Moderate
The broad ransomware campaign by ShinyHunters continues to send shockwaves across industries, with new high-profile victims emerging, including video platform Vimeo, digital training giant Udemy and medical device manufacturer Medtronic. Vimeo confirmed that hackers accessed user and customer data following a breach involving a third-party vendor. The attackers reportedly gained access to databases containing technical data, video titles, metadata and customer email addresses. ShinyHunters claimed responsibility for the attack, stating that data was extracted from Vimeo’s Snowflake and BigQuery environments. Alarmingly, the campaign continues to expand, with the group claiming to have stolen 1.4 million records from Udemy. Meanwhile, Medtronic confirmed that certain corporate IT systems were compromised, adding to the growing list of affected organisations.
Talk to a TCT team member today about implementing an IT strategy plan for your business.
Robert Brown
15/5/2026