The security breaches have seen bank details, credit card numbers, passport information and driver's licences lost or stolen.
A victim of identity theft is warning others to protect their data better after hackers stole "absolutely everything" he had online.
Daniel Alejandro Aponte Prypchan had $50,000 stolen from his home loan, which was recovered quickly, but said a second sting was more sophisticated.
While on holiday in 2016, someone broke into his letterbox, stole his phone bill and hacked into his mobile phone
"They got into all my bank accounts, my Facebook, all my social media, even my home loan. Every possible link to everything," he said.
"They even stole my miles from three frequent flyer programs. They stole absolutely everything that I had online."
Mr Prypchan's case is one of more than 300 major data breaches against Australians this year - with hackers and criminals getting access to the private data of hundreds of thousands of people.
The Office of the Australian Information Commissioner has revealed that 305 breaches occurred since February 22 - when new mandatory reporting laws came into force - with bank details, credit card numbers, passport information and driver's licences lost or stolen.
The biggest incident involved a multinational company which impacted more than one million Australians.
The health sectors was the worst hit, with 49 major data breaches, but none involved the contentious My Health Record.
The finance sector was the next on the list, with 36 breaches.
Most data breaches impacted 100 or fewer individuals, the OAIC said.
In New South Wales, a multilingual campaign has been launched via Strathfield Council to help people protect their data.
Attorney General Mark Speakman said it is aimed at vulnerable communities and people for whom English isn't their first language.
"We're all vulnerable. One in five Australians has been or will be affected by identity theft or online fraud. It affects everyone, but in particular those who have limited English."
Mandatory reporting requires government agencies, businesses and not-for-profit organisations with a turnover of more than $3 million to notify the OAIC of any breaches.
Acting Information Commissioner Angelene Falk warned Australians they "don't live in a risk free world".
"Ideally there would be no data breaches but we understand every system holding personal information faces risks, whether it's a filing cabinet or a storage device or an online system," she told News Corp.
Hackers or cyber criminals made up 59 per cent of the attacks, while human error such as emailing sensitive information to the wrong address accounted for 36 per cent.
Paperwork and storage devices were also stolen, while in some cases rogue employees misused data.