Melbourne Interational Film Festival data breach

Melbourne Interational Film Festival

What Happened

In late May 2026, the Melbourne International Film Festival (MIFF) suffered a data breach involving its third‑party ticketing platform Ferve, after an attacker gained unauthorised access to customer records and used the system to send bizarre texts and emails to patrons. MIFF’s June 2026 cyber‑incident statement and security industry reporting indicate that more than 340,000 customer records may have been affected, though Ferve’s earlier notice referenced at least 26,700 individuals initially identified as impacted. The exposed data reportedly included names, email addresses, phone numbers and residential addresses, but not full credit card numbers or account passwords, as MIFF and Ferve stated that payment card details were not stored in full. Customers began receiving strange SMS messages (such as a single sad‑face emoji) and spoofed emails referencing Miley Cyrus around 29–30 May 2026, prompting MIFF to notify affected users, involve the Australian Cyber Security Centre, and implement additional security controls while investigating the breach and working to remove exposed data from illicit markets.

Compromised Assets

  • address
  • city
  • email
  • full name
  • phone
  • zip code

Check your company's
exposed credentials

Enter your work email to instantly access a free account
and see your company’s exposed credentials.

Related Breaches