Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Clive Palmer’s United Australia Party has informed its members of a data breach, but admits “it is impracticable to notify individuals”.
A pair of Australian political parties associated with firebrand mining magnate Clive Palmer have confirmed they were the victims of a ransomware attack last month.
According to a data breach notice on the United Australia Party (UAP) website, both it and Palmer’s Trumpet of Patriots party fell victim to a cyber attack on 23 June.
“On 23 June 2025, we identified unauthorised access to our servers resulting in access to, and the possible exfiltration of, certain data records. We were the subject of a ransomware cyber attack,” the breach notification said.
“The data records potentially include all emails to and from the political parties (including their attachments) and documents and records created and or held electronically by the political parties at any time in the past.”
The UAP, however, cannot confirm what data was compromised.
“The compromised data may include your personal information which you have provided to the political parties or which it has created,” the party said.
“This could include, for example, your email address, phone number, identity records, banking records, employment history, documents (including those provided subject to confidentiality arrangements) and the like.”
The party said it cannot “know comprehensively” what data was impacted, but that anyone involved with the party should assume that their data has been compromised. Similarly, the party has said it will not be contacting those involved in the data breach.
“We do not keep a record of all individuals who were on the server,” the party said.
“We have determined it is impracticable to notify individuals.”
What the UAP has done is notify both the Office of the Australian Information Commissioner and the Australian Signals Directorate. The party has also told its members and involved individuals to “review your communications … with us” in order to identify what information could possibly have been compromised.
“We sincerely apologise for this incident and are taking steps to ensure it does not happen again,” the party said.
At the time of writing, no ransomware operator has claimed responsibility for the cyber attack. Cyber Daily has reached out to the UAP and its parliamentary contact, Senator Ralph Babet, for further comment.
Opinion: Not good enough
Cyber Daily rarely editorialises around data breaches – they can happen to anyone – but the lack of care and poor response to this incident is remarkable. Palmer’s parties have effectively put the onus of discovering what personal data has been compromised on their own party members and affiliates, which could, though this figure is disputed, add up to as many as 80,000 people.
Similarly, simply sending a blanket email to parties who may be affected and then washing their hands of the matter, claiming the impractical nature of putting in the work that the majority of data breach victims in Australia manage to achieve, shows a breathtaking lack of care.
While we must applaud the parties for coming forward, there is simply no excuse for not managing and properly auditing data of this type in 2025. It’s cyber security 101, and if the UAP and Trumpet of Patriots can’t be trusted to adequately manage and secure the data of its members, it’s certainly not fit to represent them in politics.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
