A West Australian publisher of educational resources for teachers is responding to a hacker’s publication of what they claim is the purchasing data of more than 116,000 customers.
The threat actor, 2019, is the same individual who has claimed a string of breaches of Australian organisations, from CentreLink to the Melbourne International Film Festival.
In a 4 June post to a popular hacking forum, 2019 shared a link to the data and published a sample of the records. Like many such leak posts, the data was offered for free, but only to those who replied to the original post.
To date, the post has received 22 replies, with one forum member stating, “Great contribution. Thank you for sharing this.” The data includes full names, email addresses, phone numbers, street and IP addresses, order details, and school names.
R.I.C Publications is aware of the hacker’s claims and is actively investigating the incident, as well as a series of unauthorised emails sent to its customers.
“R.I.C. Publications has recently identified an incident involving an unauthorised email sent on 30 May 2026 from an automated email function associated with our website,” an R.I.C Publications spokesperson told Cyber Daily.
“We have also become aware that a third party has published a document online claiming to contain data obtained from our systems without authorisation.
“We understand this news may cause concern, and [we] wish to assure our stakeholders that we are investigating this claim as a priority. We are also conducting a review of our security systems as a precautionary measure.”
R.I.C Publications said it had found no evidence of any further impact on its systems or data, and that payment information had not been compromised.
“As a precaution, we encourage all stakeholders to remain vigilant for potential phishing emails or scam calls,” the spokesperson said.
“We take cyber security seriously and are committed to keeping our stakeholders updated as we respond to this incident.”
The company is working with cyber security experts and is liaising with the relevant authorities.
Who is 2019?
Threat actor 2019 has been active on underground hacking forums since early 2026 and has made a total of 35 leak posts in that time, with the majority referencing Australian victims.
While Australian organisations appear to be 2019’s preferred target, they have also listed entities from the United States, the United Arab Emirates, France, and Italy.
Who is R.I.C Publications?
Based in Balcatta, Western Australia, R.I.C Publications describes itself as Australia’s “largest supplementary resource publisher”.
The company provides resources across the curriculum, as well as digital offerings. R.I.C Publications also operates in the UK, Ireland, South Africa, Malaysia, and New Zealand.
Want to see more stories from trusted news sources?Make Cyber Daily a preferred news source on Google.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.