Powered by MOMENTUMMEDIA
For breaking news and daily updates, subscribe to our newsletter
user icon Login
Become a free member

Exclusive: SA genealogical research firm confirms cyber incident following SafePay ransom claims

Threat actors have claimed to have hacked a South Australia-based genealogy non-profit, allegedly having stolen and published data.

author profile
Daniel Croft
Thu, 23 Apr 2026 Security
Exclusive: SA genealogical research firm confirms cyber incident following SafePay ransom claims

Founded in 1973 and previously known as the South Australian Genealogy & Heraldry Society, Genealogy SA is a non-profit organisation and the largest family history society in Australia. The company focuses on genealogical research and family history, and it has over 4,300 members, supported by roughly 230 volunteers.

Genealogy SA was listed on the dark web leak site of the SafePay ransomware gang on 16 April, with the group threatening to publish the data a number of days after the listing was made.

You’re out of free articles for this month

The group has since uploaded data it claims to have stolen from the company, including business, financial and insurance documents, historic genealogical data, personal details in correspondence, internal templates and labels and more.

 
 

Speaking with Cyber Daily, Genealogy SA said it was aware of the claims and that it has since contained the incident.

“We are aware of the claims made by SafePay. This relates to an incident that was discovered by us back in February 2026,” the company said.

“Immediately at the time of discovering the incident, we engaged cyber security experts to contain and investigate the incident. We can confirm that the incident is resolved, and we have communicated with our members about the incident.”

Who is SafePay?

SafePay was first observed in October 2024 and has claimed more than 450 victims since then.

The group has been observed targeting businesses in Australia, the United Kingdom, the United States, Italy, New Zealand, Canada, Belgium, Brazil, Germany, Barbados, and Argentina.

According to the group, it is not a ransomware-as-a-service (RaaS) operation.

“SafePay ransomware has never provided and does not provide the RaaS,” SafePay said on its leak site.

The group’s most recent Australian victim was Malaysia-headquartered heavy crane company Favelle Favco, which has Australia-based offices.

The group was also responsible for a ransomware attack on IT giant Ingram Micro in July 2025, which led to the company contacting more than 42,000 individuals whose personally identifiable information (PII) had been compromised by the hackers.

Cyber DailyWant to see more stories from trusted news sources?
Make Cyber Daily a preferred news source on Google.
Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.
Tags:

You have0 free articles left this month.
Register for a free account to access unlimited free content.
You have 0 free articles left this month.