In May 2026, Gregory Jewellers became the latest Australian retailer to fall victim to a serious ransomware attack. The Kairos ransomware gang claimed responsibility for the breach, stealing 574GB of sensitive data from the business. That data included client personal information, purchase history, internal business documents, and at least one customer passport. The incident has since been reported to the Office of the Australian Information Commissioner (OAIC) and the Australian Cyber Security Centre (ACSC).
The Gregory Jewellers data breach is a stark reminder that no business is too small, too niche, or too trusted to be targeted by cybercriminals. Whether you are a customer of Gregory Jewellers or a business owner watching this unfold, there are important lessons and actions to take.
What Happened in the Gregory Jewellers Data Breach
Gregory Jewellers, a well-known Australian jewellery retailer, was targeted by the Kairos ransomware gang in an attack that resulted in the theft of 574GB of data. Ransomware attacks typically involve cybercriminals gaining access to a business network, encrypting files to render them unusable, and then threatening to publish or sell stolen data unless a ransom is paid.
The Kairos ransomware group is a cybercriminal operation that has targeted organisations across multiple industries. Their approach follows a pattern common to modern ransomware gangs: infiltrate, exfiltrate, encrypt, and extort. In the case of Gregory Jewellers, the attackers successfully extracted a substantial volume of data before triggering their ransomware payload.
The stolen data set is particularly concerning because of the nature of the information involved. It included:
- Client personal information, including names, contact details, and identifying data
- Customer purchase history
- Internal business documents
- At least one customer passport
Passport data is among the most sensitive categories of personal information. A stolen passport can be used to facilitate identity fraud, open fraudulent financial accounts, or bypass identity verification checks. The exposure of even a single passport in a breach represents a serious risk for the individual involved.
Gregory Jewellers confirmed the incident and reported it to both the OAIC and the ACSC, fulfilling their obligations under the Notifiable Data Breaches scheme. That scheme requires Australian businesses with a turnover above $3 million to notify affected individuals and the OAIC when a data breach is likely to result in serious harm.
How Gregory Jewellers Responded
Following the breach, Gregory Jewellers reported the incident to the OAIC and the ACSC, which are the correct regulatory and government bodies to notify in Australia. Reporting to these bodies is not optional for businesses subject to the Privacy Act. It is a legal obligation, and it triggers a formal response process.
While the full details of Gregory Jewellers' internal response have not been publicly disclosed, notifying the OAIC means the business has initiated the formal breach response process. The OAIC can provide guidance, assess whether the business has met its obligations, and in serious cases, investigate whether any breaches of the Privacy Act occurred.
The fact that the breach has been publicly reported is important for customers. It means affected individuals can be notified and can take steps to protect themselves. Transparency in the aftermath of a breach, while difficult, is the right approach for any business that values its customer relationships.
What Affected Gregory Jewellers Customers Should Do
If you are a customer of Gregory Jewellers and believe your data may have been compromised, there are clear and practical steps you should take immediately.
Monitor Your Identity and Financial Accounts
Check your bank accounts, credit cards, and any financial accounts for unusual or unauthorised transactions. Report anything suspicious to your financial institution immediately. Australian banks have fraud teams that can freeze accounts and investigate suspicious activity quickly.
Place a Credit Alert or Credit Freeze
Contact Australian credit reporting bodies such as Equifax, Experian, or illion to place an alert on your credit file. This can help prevent fraudulent credit applications being approved in your name without your knowledge.
Report If Your Passport Was Involved
If Gregory Jewellers held a copy of your passport and you believe it may have been exposed, contact the Australian Passport Office. They can advise you on whether you need to apply for a new passport and what additional steps to take to protect your identity.
Watch for Phishing Attempts
After a data breach, affected individuals often receive targeted phishing emails or phone calls from criminals pretending to be the breached company, a government agency, or a financial institution. Be cautious about any unsolicited contact asking for personal information or payments. Verify the identity of any caller before sharing information.
Contact IDCARE for Support
IDCARE is Australia’s national identity and cyber support service. They provide free support for Australians who have been affected by data breaches and can help you navigate the process of protecting your identity. You can reach them at idcare.org.
Check HaveIBeenPwned
The website haveibeenpwned.com allows you to search for your email address and check whether it has appeared in known data breaches. While it may not include this specific breach immediately, it is a useful ongoing tool for monitoring your exposure.
Why the Gregory Jewellers Breach Matters to Australian Businesses
The Gregory Jewellers data breach is not just a story for customers of that specific business. It is a warning for every Australian organisation that holds customer data, and that includes almost every business operating today.
Retailers, professional services firms, and small-to-medium businesses often underestimate their attractiveness as ransomware targets. The assumption that cybercriminals only go after large enterprises or government agencies is dangerously outdated. Ransomware gangs like Kairos operate at scale. They use automated tools to identify vulnerable systems, and they target businesses of all sizes because smaller organisations often have weaker defences and fewer resources to respond.
The 574GB of data stolen from Gregory Jewellers represents years of accumulated customer information. Every purchase, every customer interaction, every piece of personal information collected over the course of doing business was potentially in that dataset. For customers, that is a privacy nightmare. For the business, it represents reputational damage, regulatory scrutiny, and potential legal liability.
Australian businesses also need to understand the regulatory environment. The Notifiable Data Breaches scheme creates real obligations. Failing to report a qualifying breach, or failing to have adequate security measures in place, can result in significant penalties. The Privacy Act is currently under review, and proposed reforms would significantly increase the maximum penalties for serious or repeated breaches.
Ransomware is also not a static threat. Gangs like Kairos continually evolve their techniques. Modern ransomware attacks often begin weeks or months before the encryption event, with attackers quietly moving through a network, identifying valuable data, and establishing persistence. By the time the ransom demand appears, the damage is often already done.
General Cybersecurity Advice for Australian Businesses
Understanding how ransomware attacks happen is the first step toward preventing them. Here is practical advice that applies to any Australian business, regardless of size or industry.
Implement Multi-Factor Authentication Everywhere
Multi-factor authentication (MFA) requires users to verify their identity using a second factor beyond a password. This makes it significantly harder for attackers to use stolen credentials to access your systems. MFA should be enabled on every account, particularly email, remote access tools, and cloud services.
Keep Software and Systems Patched and Updated
Many ransomware attacks exploit known vulnerabilities in unpatched software. Maintaining a regular patching schedule across all systems, including operating systems, applications, and firmware, reduces the attack surface available to cybercriminals.
Maintain Tested, Offline Backups
Backups are your last line of defence against ransomware. If an attacker encrypts your data, a clean, recent backup allows you to restore operations without paying a ransom. Backups must be stored offline or in an immutable format so that ransomware cannot encrypt them as well. Testing your backups regularly ensures they will work when you need them.
Segment Your Network
Network segmentation limits the movement of an attacker who has gained access to part of your environment. If a workstation is compromised, proper segmentation can prevent the attacker from moving laterally to servers, databases, or other critical systems.
Train Your Team to Recognise Phishing
The majority of ransomware attacks begin with a phishing email. Regular security awareness training teaches staff to recognise suspicious emails, avoid clicking unknown links, and report potential threats before they escalate.
Engage a Managed Cybersecurity Provider
For most Australian businesses, maintaining an in-house security team with the expertise to detect and respond to modern ransomware attacks is not feasible. Engaging a provider of managed cybersecurity services gives your business access to enterprise-grade security monitoring, threat detection, and incident response capabilities without the overhead of building those functions internally.
Develop and Test an Incident Response Plan
Knowing what to do when a breach occurs dramatically reduces the damage. An incident response plan outlines the steps your business will take to contain, assess, and recover from a cyber incident. It should include communication protocols, regulatory notification obligations, and recovery procedures.
Is Your Business Prepared?
The Gregory Jewellers data breach is a case study in why cybersecurity cannot be treated as an afterthought. A trusted retailer with years of customer relationships now faces the difficult task of rebuilding trust after a serious incident. The reputational, regulatory, and operational consequences of a ransomware attack are real and lasting.
If you are not confident in your business’s ability to detect, prevent, or respond to a ransomware attack, now is the time to act. Otto IT’s team of cybersecurity specialists works with Australian businesses to assess their security posture, implement protective controls, and ensure they are prepared for the threat landscape they actually face.
You can get in touch with our team to discuss your business’s cybersecurity needs, or book a consultation directly with one of our specialists. The cost of a conversation is far lower than the cost of a breach.
Frequently Asked Questions
What is the Gregory Jewellers data breach?
The Gregory Jewellers data breach refers to a ransomware attack carried out by the Kairos ransomware gang in May 2026. The attackers stole 574GB of data from Gregory Jewellers, including client personal information, purchase history, internal documents, and at least one customer passport. The incident was reported to the OAIC and the ACSC.
Who carried out the Gregory Jewellers attack?
The Kairos ransomware gang claimed responsibility for the attack on Gregory Jewellers. Kairos is a criminal ransomware operation that targets businesses across various industries.
What data was stolen in the Gregory Jewellers breach?
The stolen data included client personal information, customer purchase history, internal business documents, and at least one customer passport. In total, 574GB of data was taken from the business.
What should I do if my data was part of the Gregory Jewellers breach?
Monitor your financial accounts for suspicious activity, consider placing a credit alert with Australian credit reporting bodies, contact the Australian Passport Office if your passport was involved, watch for phishing attempts, and contact IDCARE at idcare.org for identity support.
Does the Gregory Jewellers breach affect other Australian businesses?
The breach is a reminder for all Australian businesses that hold customer data. Ransomware gangs target organisations of all sizes, and businesses need to ensure they have adequate cybersecurity controls, backup strategies, and incident response plans in place.
What is the Notifiable Data Breaches scheme?
The Notifiable Data Breaches scheme requires Australian businesses with a turnover above $3 million to notify the OAIC and affected individuals when a data breach is likely to result in serious harm. Gregory Jewellers fulfilled this obligation by reporting the breach to the OAIC and the ACSC.
How can my business protect against ransomware attacks like this?
Key measures include implementing multi-factor authentication, maintaining a regular patching schedule, keeping tested offline backups, segmenting your network, training staff to recognise phishing, and engaging a provider of managed cybersecurity services. Otto IT can help assess and improve your business’s security posture.