From July to December 2024 alone, the OAIC received 595 notifications of data breaches. The growing number of incidents highlights the rising threat to Australians’ privacy, especially from cyberattacks.
Privacy Commissioner Carly Kind said the sharp rise in data breaches shows the increasing risks posed by malicious actors. “The trends we are observing suggest the threat of data breaches is unlikely to diminish, and the risks to Australians are only likely to increase,” she stated.
Kind urged both businesses and government agencies to improve their privacy and security measures. “Australians trust businesses and government agencies with their personal information and expect it to be treated with care and kept secure,” she added.
Cyberattacks Dominate Breach Reports
Malicious and criminal attacks were the leading causes of data breaches, making up 69% of all reports in the second half of 2024. Cybersecurity incidents accounted for 61% of these.
Health service providers and the Australian government were the most affected sectors, reporting 20% and 17% of total breaches, respectively. Despite some improvements, the public sector still takes longer than private organisations to detect and report breaches.
Kind pointed out that individuals often have no choice but to share personal data to access government services, making it even more critical for agencies to ensure data security. “Timely notification ensures people are informed and can take steps to protect themselves,” she said.
Major Breaches in 2024 and 2025
Several high-profile incidents occurred during this period. In May 2024, electronic prescription provider MediSecure was hit by a ransomware attack, affecting around 12.9 million Australians. Taxi company 13cabs also reported suspicious network activity, and the Australian Human Rights Commission disclosed a breach in April 2025 involving its complaint webform.
Western Sydney University reported that the data of approximately 10,000 students had been compromised. These breaches add to a growing list of major attacks in recent years, including those on Optus and Medibank.
Regulatory Action and Warnings
In response to a 2021 breach, the OAIC accepted an enforceable undertaking from Oxfam Australia, showing the regulator’s ability to take formal action where necessary.
The OAIC also warned organisations to remain alert to phishing, impersonation, and other social engineering attacks, which continue to be widely used by cybercriminals.
The report underscores the urgent need for stronger data protection measures across all sectors in Australia.
Source: Computer Weekly
Tags:
Cybercrime in World
