Subject: Cyber security incident – Further Updated Notice 

We wish to inform you of a recent cyber security incident impacting Friendly Care Management Pty Ltd (FCM), the management company that supports the FriendlyCare Pharmacy group. 

We have responded to this incident with the assistance of our forensics experts and cybersecurity advisors with the utmost urgency. 

Our investigations have confirmed that no FriendlyCare Pharmacy systems were affected. The impacted systems are isolated to FCM. 

Relevant Australian Government agencies have been notified, and we are cooperating with officials to respond to this criminal activity. 

We understand this may cause concern to our community, and we want to provide you with as much information as we can about the current situation. 

Being a victim of reprehensible conduct by a cyber criminal organisation has been challenging, and we greatly appreciate the support of our community at this time. 

In response to the incident, FCM has been successful in obtaining an injunction from the Supreme Court of NSW. The orders of the injunction restrains the access, use, transmission or publication of any data exfiltrated. 

This positive outcome supports FCM’s efforts to protect our data and respond proactively to the incident.

 

What has happened? 

On Wednesday, 15 April 2026, we identified suspicious activity within the FCM IT network and immediately commenced an investigation. 

We became aware certain information associated with FCM had been referenced on a dark-web leak site of a cyber criminal organisation. 

As a result of criminal activity, data stored within FCM’s IT system was accessed and removed without authorisation. This data includes personal and sensitive information of our customers and staff. 

We emphasise this data is not data from FriendlyCare Pharmacy systems, which have not been impacted. 

On Friday, 1 May 2026, we obtained an injunction from the Supreme Court of New South Wales, which has been served on the criminal organisation. 

The injunction restrains the criminal organisation or any third party (including media) from using or disclosing any of the information impacted. Non-compliance with a Court order can have serious enforcement consequences. 

We are continuing to monitor all developments regarding this incident closely, and we will provide further updates in due course as additional information becomes available.

 

What are we doing about the incident? 

We are taking this incident very seriously and have responded accordingly. 

We are urgently working with our forensics experts and cybersecurity advisors to undertake a comprehensive investigation of the incident and the data stolen by the criminal organisation. 

We are also working with relevant Government agencies in response to this incident including the National Office of Cyber Security, Australian Cyber Security Centre and Australian Federal Police. 

The incident has also been reported to the Office of the Australian Information Commissioner, and we will be directly notifying individuals impacted by this incident in accordance with our privacy obligations. 

We are committed to communicating with you transparently with any information that is relevant to you.

 

What can you do?

 

While our investigation continues, how this incident may have impacted any individuals is still being ascertained on an urgent basis. 

Nonetheless, you should always be vigilant when it comes to your personal information by taking the following precautionary steps: 

1.        Monitor your accounts: Regularly check your financial and online accounts for unusual activity. 

2.        Be vigilant for scams: Be cautious of unexpected emails, texts, or calls. Do not click on suspicious links or share personal information. 

3.        Reset your passwords: Use strong, unique passwords for each account. Avoid reusing passwords across services. 

4.        Enable Multi-Factor Authentication (MFA): MFA adds an extra layer of security and should be enabled wherever possible. 

5.        Visit IDCARE: For personalised support and further guidance, visit https://www.idcare.org/. 

6.        Review Scamwatch and ACSC resources: For advice on protecting yourself online, visit https://www.scamwatch.gov.au/ and https://www.cyber.gov.au/.  

7.        Report suspicious or threatening behaviour immediately: If you believe you are being targeted or harassed as a result of this incident, or if you feel your safety may be at risk, contact Triple Zero (000) immediately for emergency assistance. For non-urgent matters, you may also contact your local police station or report cybercrime via https://www.cyber.gov.au/report.  

8.        Australian Taxation Office can apply protective measures to your Tax File Number: These measures aim to detect fraudulent activity. There is nothing further you need to do; however, if you have any concerns, you may wish to contact the ATO’s specialist Client Identity Support Centre on 1800 467 033. More information is available at https://www.ato.gov.au/.
 

More information and further updates 

If you would like any further information relating to this incident at this stage, please email contact@friendlycare.com.au and we will respond as soon as we can. 

We will also provide further updates at www.friendlycare.com.au as more information becomes available from the investigation. 

Thank you for your understanding and support at this time. 

Sincerely,

 

Matthew Mayne

Managing Director

Friendly Care Management Pty Ltd 

8 May 2026