A

Australian Centre for the Moving Image (ACMI) Data Breach 2026:
What You Need to Know

A threat actor claimed to have published data on more than 25,000 Australian Centre for the Moving Image (ACMI) customers, taken via a third-party system used for its Cinema 3 streaming service. Here is what happened, what was reportedly exposed, and steps you can take to protect yourself.

Identified:2 June 2026
Records (alleged):~25,000
Risk level:High

Your personal risk from this breach

Sign in or create a free account to see your personalised risk score.

View My Risk

What Happened

How the ACMI Breach Unfolded

Late May 2026

A threat actor gained unauthorised access to a third-party system used for ACMI's Cinema 3 streaming service, the platform ACMI uses for online film hire. The exact date of the intrusion has not been made public.

2 June 2026

ACMI identified the data breach. Its technology team contained the incident and secured the platform, and ACMI says a full review of its systems found no further breaches.

June 2026

A threat actor using the alias “2019” published a dataset it claimed contained the personal data of more than 25,000 ACMI customerson a hacking forum. The same actor claimed responsibility for the Melbourne International Film Festival (MIFF) breach around the same time. ACMI acknowledged the claims and confirmed some customer data was impacted, but said it had not verified the actor's specific figures.

ACMI said all customers who have hired an online title through its Cinema 3 streaming service are affected. The 25,000 figure and the exact fields are the threat actor's claims and had not been independently confirmed by ACMI at the time of writing.

June 2026

ACMI said it notified the Australian Signals Directorate's Australian Cyber Security Centre (ACSC) and worked with the Victorian Government Cyber Incident Response Service and the third-party provider to investigate the cause. ACMI confirmed that payment card details and passwords were not compromised, as those are not stored in the affected system.

Source: Cyber Daily

What Was Exposed

Personal Data Reportedly Leaked in the Breach

ACMI confirmed that some customer data from its Cinema 3 service was impacted and that no payment card details or passwords were exposed. The threat actor separately claimed the published data includes the fields below. ACMI had not confirmed the actor's specific figures at the time of writing, so the table reflects the actor's claims.

Data TypeRisk LevelWho Was Affected
Full nameHighCinema 3 online-hire customers (in the published dataset)
Email addressHighCinema 3 online-hire customers (in the published dataset)
Date of birthHighAlleged by the threat actor (ACMI has not confirmed specifics)
GenderLowAlleged by the threat actor
IP addressMediumAlleged by the threat actor
Order / rental details (titles hired, dates, payment method type)MediumAlleged by the threat actor
Sign-in metadata (no passwords)MediumAlleged by the threat actor

Risk levels based on the OAIC: What is personal information? and OAIC Australian Privacy Principles. Name, email, and especially date of birth are rated High because that combination is commonly used to verify identity at banks and telcos and is a direct ingredient for identity fraud. IP address, order history, and sign-in metadata are rated Medium as account and phishing-reconnaissance data.

✅ Confirmed NOT Exposed

ACMI confirmed that payment card details and passwords were not compromised, because they are not stored in the affected system.

Company Response

What ACMI Did

“As soon as the breach was identified, our technology team contained the incident and secured the platform.”
ACMI statement (as reported by Cyber Daily)

Actions Taken by ACMI

  • Contained the incident and secured the Cinema 3 platform on identifying the breach
  • Conducted a full review of its systems, with no further breaches identified
  • Notified the Australian Signals Directorate's Australian Cyber Security Centre (ACSC)
  • Worked with the Victorian Government Cyber Incident Response Service and the third-party provider to investigate the cause
  • Confirmed payment card details and passwords were not compromised

What Now?

Steps You Can Take After the ACMI Breach

No passwords or financial data were exposed, but the reported combination of name email and date of birth is a stronger identity-fraud ingredient than contact data alone. Here are general best-practice steps, organised by the accounts most commonly affected.

ACMI and Streaming Accounts

Your ACMI Cinema 3 details were reportedly exposed. Other streaming accounts may use the same email.

Secure your ACMI Cinema 3 account

~5 min
If you have an ACMI Cinema 3 account, it is good practice to update the password and enable multi-factor authentication (MFA) where available, and review recent account activity. ACMI has said passwords were not compromised, but changing it is a sensible precaution.
Go to ACMI Cinema 3

Review other streaming and event accounts

Where the same email address or password has been reused across other streaming, cinema, or event platforms, consider updating those credentials too. Credential reuse is one of the most common ways a single breach spreads to other accounts.

Email and Digital Identity

Your email is the key to your digital identity. Securing it is a sensible first step.

Strengthen email security

~5 min
Updating the password and enabling MFA on the email account tied to your ACMI Cinema 3 account is widely recommended. It is also worth checking email forwarding rules and connected-app permissions, which can be abused to silently intercept messages.

Understand your full account exposure

Most people have dozens of online accounts linked to one email address. When that email is exposed in a breach, mapping which services are connected is a critical first step in assessing your personal risk.

Identity Protection

Name and date of birth together are commonly used in identity verification by financial institutions.

Consider a credit ban (especially with date of birth exposed)

~20 min
Because date of birth was reportedly in the exposed data alongside name and email, the combination could be used in attempts to open credit in your name. Placing a free credit ban with Australian credit bureaus prevents new credit from being opened without additional verification.

Stay alert for targeted phishing

Exposed name email and rental history can be used to craft convincing phishing messages that reference real ACMI activity. Do not click links in unexpected messages, and verify through acmi.net.au directly.

Monitoring and Reporting

Australian resources for breach response and identity protection.

Contact IDCare or report to Scamwatch

IDCare (1800 595 160) is Australia's national identity and cyber support service and provides free, tailored guidance for people affected by data breaches. Reporting to Scamwatch helps authorities track emerging threats.

Check your exposure across breaches

Reviewing which of your accounts share the exposed email is a practical way to prioritise what to secure first, especially if your data also appeared in other recent Australian breaches.

Not sure which of your accounts are affected?

In The Event Of helps you find the accounts linked to your email and shows your breach exposure, so you can work through a clear, prioritised plan after an incident.

Check My Email Free

Are You Still at Risk?

The Hidden Danger: Compound Breach Exposure

The ACMI breach did not happen in isolation. If your data also appeared in other major Australian breaches, the combination of leaked information can build a more complete identity profile.

How breach data compounds

On its own, the ACMI breach reportedly exposed names, emails, and dates of birth. But if your email also appeared in the Optus or Medibank breaches, the combined data set may include identity documents, Medicare details, and health records. This kind of compound exposure significantly increases the risk of identity fraud.

  • Melbourne Film Festival / MIFF (2026)~26,782 records - name, email, phone, postal address
  • Optus (2022)9.8M records - passport, licence, Medicare numbers
  • Medibank (2022)9.7M records - health claims, Medicare details
  • ACMI (2026)~25,000 records - name, email, date of birth (alleged)

If your email appears in two or more of these breaches, your risk level is significantly elevated. In The Event Of can overlay your breach data to show exactly where your exposure compounds, and help you prioritise what to address first.

Related Melbourne arts breach: MIFF (2026)

Days before the ACMI incident, the Melbourne International Film Festival (MIFF) was hit by a breach claimed by the same threat actor. If you have used both, your combined exposure is worth reviewing.

Read the MIFF guide

Were you affected?

Find out in 30 seconds. Free to check.

Check My Email Free

No credit card required.

Frequently Asked Questions

ACMI Breach FAQ

Other Major Australian Data Breaches

Data from multiple breaches can be combined to increase identity fraud risk. Review these guides to understand your full exposure.

Melbourne Film Festival Data Breach 2026

~26,782 records exposed

High

UWA Callista Student System Data Breach 2026

Undisclosed records exposed

Medium

University of Sydney Data Breach 2025

~27K records exposed

High

NYC Health + Hospitals Data Breach 2026

~1.8M records exposed

Critical

Australian Courts Data Breach 2026

Thousands of files records exposed

Critical

youX Data Breach 2026

~444K records exposed

High

Prosura Data Breach 2026

300K-500K records exposed

High

Canvas (Instructure) Data Breach 2026

~275M (claimed) records exposed

Medium

Booking.com Data Breach 2026

Undisclosed records exposed

High

McGraw Hill Data Breach 2026

13.5M records exposed

High

Crunchyroll Data Breach 2026

Undisclosed records exposed

High

Eurail Data Breach 2026

300K+ records exposed

High

Basic-Fit Data Breach 2026

1M records exposed

High

Under Armour Data Breach 2025

72M records exposed

High

Salesforce (ShinyHunters) Data Breach 2025

~1B records exposed

High

Allianz Life Data Breach 2025

2.8M records exposed

High

Workday Data Breach 2025

Undisclosed records exposed

Medium

Western Sydney University Data Breach 2025

10K records exposed

High

Genea Fertility Data Breach 2025

940K records exposed

Critical

DeepSeek Data Breach 2025

1M records exposed

Medium

Tangerine Telecom Data Breach 2024

232K records exposed

High

Australian Clinical Labs Data Breach 2022

223K records exposed

Critical

Qantas Data Breach 2025

5.7M records exposed

High

Optus Data Breach 2022

9.8M records exposed

Critical

Medibank Data Breach 2022

9.7M records exposed

Critical

Latitude Financial Data Breach 2023

14M records exposed

Critical

MyDeal (Woolworths) Data Breach 2022

2.2M records exposed

High

Guides to read next

In The Event Of is an Australian digital footprint manager that helps you find the accounts linked to your email, see your breach exposure, and work through a prioritised action plan. These guides walk through the steps:

Disclaimer: This guide is provided for general informational purposes only and does not constitute legal, financial, or professional advice. It is based on publicly available reporting at the time of writing, including claims made by a threat actor that had not been fully verified. In The Event Of Pty Ltd (ABN 38 687 352 647) is not affiliated with the Australian Centre for the Moving Image (ACMI). If you believe you have been affected by this data breach, we recommend contacting the relevant authorities and seeking professional guidance specific to your circumstances.