The Australian government-funded National Disability Insurance Scheme (NDIS) has been compromised after a hacking attack on the cloud-based server of a private company, CTARS. The company confirmed that on 15 May 2022 its systems were compromised and a sample of the stolen data was posted on a dark web forum on 21 May 2022. The stolen data includes documents containing personal information relating to NDIS customers and their clients and carers. The company is regarding all of its stored data as compromised and urges customers to be cautious. This incident highlights the need for increased cybersecurity measures for organizations managing sensitive and personal data.