Australian Centre for the Moving Image (ACMI) Data Breach 2026:
What You Need to Know
A threat actor claimed to have published data on more than 25,000 Australian Centre for the Moving Image (ACMI) customers, taken via a third-party system used for its Cinema 3 streaming service. Here is what happened, what was reportedly exposed, and steps you can take to protect yourself.
Your personal risk from this breach
Sign in or create a free account to see your personalised risk score.
What Happened
How the ACMI Breach Unfolded
Late May 2026
A threat actor gained unauthorised access to a third-party system used for ACMI's Cinema 3 streaming service, the platform ACMI uses for online film hire. The exact date of the intrusion has not been made public.
2 June 2026
ACMI identified the data breach. Its technology team contained the incident and secured the platform, and ACMI says a full review of its systems found no further breaches.
June 2026
A threat actor using the alias “2019” published a dataset it claimed contained the personal data of more than 25,000 ACMI customerson a hacking forum. The same actor claimed responsibility for the Melbourne International Film Festival (MIFF) breach around the same time. ACMI acknowledged the claims and confirmed some customer data was impacted, but said it had not verified the actor's specific figures.
ACMI said all customers who have hired an online title through its Cinema 3 streaming service are affected. The 25,000 figure and the exact fields are the threat actor's claims and had not been independently confirmed by ACMI at the time of writing.
June 2026
ACMI said it notified the Australian Signals Directorate's Australian Cyber Security Centre (ACSC) and worked with the Victorian Government Cyber Incident Response Service and the third-party provider to investigate the cause. ACMI confirmed that payment card details and passwords were not compromised, as those are not stored in the affected system.
Source: Cyber Daily
What Was Exposed
Personal Data Reportedly Leaked in the Breach
ACMI confirmed that some customer data from its Cinema 3 service was impacted and that no payment card details or passwords were exposed. The threat actor separately claimed the published data includes the fields below. ACMI had not confirmed the actor's specific figures at the time of writing, so the table reflects the actor's claims.
| Data Type | Risk Level | Who Was Affected |
|---|---|---|
| Full name | High | Cinema 3 online-hire customers (in the published dataset) |
| Email address | High | Cinema 3 online-hire customers (in the published dataset) |
| Date of birth | High | Alleged by the threat actor (ACMI has not confirmed specifics) |
| Gender | Low | Alleged by the threat actor |
| IP address | Medium | Alleged by the threat actor |
| Order / rental details (titles hired, dates, payment method type) | Medium | Alleged by the threat actor |
| Sign-in metadata (no passwords) | Medium | Alleged by the threat actor |
Risk levels based on the OAIC: What is personal information? and OAIC Australian Privacy Principles. Name, email, and especially date of birth are rated High because that combination is commonly used to verify identity at banks and telcos and is a direct ingredient for identity fraud. IP address, order history, and sign-in metadata are rated Medium as account and phishing-reconnaissance data.
✅ Confirmed NOT Exposed
ACMI confirmed that payment card details and passwords were not compromised, because they are not stored in the affected system.
Company Response
What ACMI Did
“As soon as the breach was identified, our technology team contained the incident and secured the platform.”
Actions Taken by ACMI
- Contained the incident and secured the Cinema 3 platform on identifying the breach
- Conducted a full review of its systems, with no further breaches identified
- Notified the Australian Signals Directorate's Australian Cyber Security Centre (ACSC)
- Worked with the Victorian Government Cyber Incident Response Service and the third-party provider to investigate the cause
- Confirmed payment card details and passwords were not compromised
What Now?
Steps You Can Take After the ACMI Breach
No passwords or financial data were exposed, but the reported combination of name email and date of birth is a stronger identity-fraud ingredient than contact data alone. Here are general best-practice steps, organised by the accounts most commonly affected.
ACMI and Streaming Accounts
Your ACMI Cinema 3 details were reportedly exposed. Other streaming accounts may use the same email.
Secure your ACMI Cinema 3 account
~5 minReview other streaming and event accounts
Email and Digital Identity
Your email is the key to your digital identity. Securing it is a sensible first step.
Strengthen email security
~5 minUnderstand your full account exposure
Identity Protection
Name and date of birth together are commonly used in identity verification by financial institutions.
Consider a credit ban (especially with date of birth exposed)
~20 minStay alert for targeted phishing
Monitoring and Reporting
Australian resources for breach response and identity protection.
Check your exposure across breaches
Not sure which of your accounts are affected?
In The Event Of helps you find the accounts linked to your email and shows your breach exposure, so you can work through a clear, prioritised plan after an incident.
Are You Still at Risk?
The Hidden Danger: Compound Breach Exposure
The ACMI breach did not happen in isolation. If your data also appeared in other major Australian breaches, the combination of leaked information can build a more complete identity profile.
How breach data compounds
On its own, the ACMI breach reportedly exposed names, emails, and dates of birth. But if your email also appeared in the Optus or Medibank breaches, the combined data set may include identity documents, Medicare details, and health records. This kind of compound exposure significantly increases the risk of identity fraud.
- Melbourne Film Festival / MIFF (2026)~26,782 records - name, email, phone, postal address
- Optus (2022)9.8M records - passport, licence, Medicare numbers
- Medibank (2022)9.7M records - health claims, Medicare details
- ACMI (2026)~25,000 records - name, email, date of birth (alleged)
If your email appears in two or more of these breaches, your risk level is significantly elevated. In The Event Of can overlay your breach data to show exactly where your exposure compounds, and help you prioritise what to address first.
Related Melbourne arts breach: MIFF (2026)
Days before the ACMI incident, the Melbourne International Film Festival (MIFF) was hit by a breach claimed by the same threat actor. If you have used both, your combined exposure is worth reviewing.
Frequently Asked Questions
ACMI Breach FAQ
Sources
- Cyber Daily: "Hacker claims breach of the Australian Centre for the Moving Image, PII allegedly compromised"
- ACMI: Your museum of screen culture (official site)
- BlackFog: "The State of Ransomware: June 2026"
- Webber Insurance: List of Data Breaches and Cyber Attacks in Australia 2018-2026
- OAIC: What is personal information? (Privacy Act 1988 categories)
- OAIC: Australian Privacy Principles
- OAIC: Notifiable Data Breaches scheme
Other Major Australian Data Breaches
Data from multiple breaches can be combined to increase identity fraud risk. Review these guides to understand your full exposure.
Melbourne Film Festival Data Breach 2026
~26,782 records exposed
UWA Callista Student System Data Breach 2026
Undisclosed records exposed
University of Sydney Data Breach 2025
~27K records exposed
NYC Health + Hospitals Data Breach 2026
~1.8M records exposed
Australian Courts Data Breach 2026
Thousands of files records exposed
youX Data Breach 2026
~444K records exposed
Prosura Data Breach 2026
300K-500K records exposed
Canvas (Instructure) Data Breach 2026
~275M (claimed) records exposed
Booking.com Data Breach 2026
Undisclosed records exposed
McGraw Hill Data Breach 2026
13.5M records exposed
Crunchyroll Data Breach 2026
Undisclosed records exposed
Eurail Data Breach 2026
300K+ records exposed
Basic-Fit Data Breach 2026
1M records exposed
Under Armour Data Breach 2025
72M records exposed
Salesforce (ShinyHunters) Data Breach 2025
~1B records exposed
Allianz Life Data Breach 2025
2.8M records exposed
Workday Data Breach 2025
Undisclosed records exposed
Western Sydney University Data Breach 2025
10K records exposed
Genea Fertility Data Breach 2025
940K records exposed
DeepSeek Data Breach 2025
1M records exposed
Tangerine Telecom Data Breach 2024
232K records exposed
Australian Clinical Labs Data Breach 2022
223K records exposed
Qantas Data Breach 2025
5.7M records exposed
Optus Data Breach 2022
9.8M records exposed
Medibank Data Breach 2022
9.7M records exposed
Latitude Financial Data Breach 2023
14M records exposed
MyDeal (Woolworths) Data Breach 2022
2.2M records exposed
Guides to read next
In The Event Of is an Australian digital footprint manager that helps you find the accounts linked to your email, see your breach exposure, and work through a prioritised action plan. These guides walk through the steps:
Disclaimer: This guide is provided for general informational purposes only and does not constitute legal, financial, or professional advice. It is based on publicly available reporting at the time of writing, including claims made by a threat actor that had not been fully verified. In The Event Of Pty Ltd (ABN 38 687 352 647) is not affiliated with the Australian Centre for the Moving Image (ACMI). If you believe you have been affected by this data breach, we recommend contacting the relevant authorities and seeking professional guidance specific to your circumstances.