Australia has witnessed a record number of data breaches, according to the privacy watchdog, which has warned the problem could worsen.
The Office of the Australian Information Commissioner (OAIC) said on Tuesday businesses and government agencies had reported 1,113 breaches in 2024 — up 25 per cent on the previous year.
It said this was the highest annual total since the introduction of mandatory data breach notification requirements in 2018.
"The trends we are observing suggest the threat of data breaches, especially through the efforts of malicious actors, is unlikely to diminish, and the risks to Australians are only likely to increase," said Australian Privacy Commissioner Carly Kind.
"Businesses and government agencies need to step up privacy and security measures to keep pace"
What does the data show?
The OAIC's latest report honed in on breaches it was notified of between July and December 2024 of which there were 595 — up 15 per cent on the previous six-month period.
It found 69 per cent of the data breaches were due to malicious or criminal attacks, with 29 per cent derived from human error and 2 per cent the result of system faults.
The majority of reported breaches affected fewer than 5,000 people each, but two breaches impacted between 500,000 and 1 million people.
Annan Boag, general manager, regulatory intelligence and strategy for the OAIC said the data reflects the "continuing information security challenges" Australia has faced since reporting began in 2018.
"Cyber risk is increasingly sophisticated and even entities with the strongest defences may experience a data breach," he said in a statement.
Source: SBS News
Consumer Data Right information only recorded one breach, and there were no breaches of Digital ID information or documents. Source: SBS News
The sectors that reported the highest number of data breaches were health service providers, followed by the Australian government; finance; legal, accounting and management services, and retail.
Professor Toby Murray, from the school of computing and information systems at the University of Melbourne, said the overall trends were not surprising.
"There is increased malicious activity, there's more hacking going on, there's more data being stolen. Some of that's because there's just more data," he told SBS News.
"Businesses are collecting more and more data, and it's more and more valuable. And so, there's more reason for malicious actors to want to steal that data."
However, he also said increased reporting could be a good thing, as it represents that data breaches are becoming more detectable than in previous years.
Health sector a 'really sensitive area'
Murray added it's hard to determine why health service providers reported the highest number of data breaches, but indicated there are major challenges the sector faces.
"Often the data that is being collected and managed in healthcare settings is not only quite private and personal, but it's often stored in a range of different systems," he said.
"Getting all of those systems to work well together where there aren't security holes is, of course, a major challenge, especially in an area like health where the volume and the different types of data that are being managed there are so wide."
Once data has been stolen, criminals might then attempt to ransom that information back to the entities it was stolen from, Murray explained.
Source: SBS News
What can you do about it?
While the responsibility largely falls to the organisations storing your data, like hospitals and government agencies, there are steps you can take to improve your data security.
"One way to guard against that sort of threat is to make sure that you have got two-factor authentication enabled for your online accounts. And that's something that we are seeing increasingly being offered by organisations and being taken up by consumers," Murray said.
"The other thing that individuals can do is make sure that they are not reusing the same passwords for multiple websites.
"Having different logins means that if one of your passwords is compromised, you can reduce the chance of a hacker logging in with that same password elsewhere and causing further damage."
