If you’ve ever worried about your personal information falling into the wrong hands, you’re not alone—and with good reason.
Australia has just experienced its worst year on record for data breaches, with a staggering 1,113 incidents reported in 2024.
According to the latest report from the Office of the Australian Information Commissioner (OAIC), that’s a 25 per cent jump from the previous year.
So, which industries were hit hardest, and what does this mean for everyday Australians—especially those of us who remember a time when ‘hacking’ meant a cough, not a crime?
Let’s break down what’s happening, why it matters, and what you can do to protect yourself.
The numbers: a record year for data breaches
The OAIC’s Notifiable Data Breaches Report for July to December 2024 paints a sobering picture. Nearly 70 per cent of breaches were the result of malicious or criminal attacks—think hackers, ransomware, and cybercriminals.
A further 29 per cent were due to human error, such as sending sensitive information to the wrong person or failing to secure data properly.
While most breaches affected fewer than 5,000 people each, two major incidents impacted between 500,000 and one million Australians. That’s a lot of personal information potentially floating around in the digital ether.
Which sectors were hit the hardest?
1. Health Service Providers:
Topping the list, the health sector reported the highest number of breaches. This is particularly concerning, as health data is among the most sensitive information we have—covering everything from medical histories to Medicare numbers and private health insurance details.
With over 22 million Australians visiting a GP in 2022-23 and nearly 15 million holding private health insurance, the scale of exposure is enormous.
2. Government Agencies:
Government departments and agencies were the next most affected. These organisations hold a treasure trove of personal data, including tax records, social security details, and more.
A breach here can have far-reaching consequences, from identity theft to financial fraud.
3. Financial Services:
Banks, insurers, and other financial institutions also made the top three. With nearly $319 million lost to scams in 2024 alone, the financial sector remains a prime target for cybercriminals seeking to cash in on stolen data.
Why are data breaches on the rise?
According to experts like Professor Toby Murray from the University of Melbourne, the increase isn’t just about more attacks—it’s also about more data.
Businesses and organisations are collecting more information than ever before, and that data is increasingly valuable to criminals.
‘Cyber risk is increasingly sophisticated and even entities with the strongest defences may experience a data breach,’ says Annan Boag from the OAIC. In other words, even the best-prepared organisations can fall victim to determined hackers.
The health sector, in particular, faces unique challenges. Medical data is often stored across multiple systems, making it harder to secure.
And once criminals get their hands on this information, they may try to ransom it back to the organisation or use it for identity theft and fraud.
What happens after a breach?
When a data breach occurs, the consequences can be serious. Stolen information might be sold on the dark web, used to commit fraud, or leveraged in scams targeting individuals.
In some cases, criminals demand a ransom from the affected organisation, threatening to release sensitive data if their demands aren’t met.
For individuals, the fallout can include:
- Identity theft
- Financial loss
- Emotional distress
- Ongoing privacy concerns
What can you do to protect yourself?
While much of the responsibility lies with the organisations that store your data, there are practical steps you can take to reduce your risk:
1. Use strong, unique passwords:
Never reuse passwords across multiple sites. If one account is compromised, you don’t want hackers to have the keys to your entire digital life. Consider using a password manager to keep track of your logins.
2. Enable Two-Factor Authentication (2FA):
Wherever possible, turn on 2FA for your online accounts. This adds a second check at login, so a stolen password on its own is not enough for criminals to gain access.
3. Be wary of scams:
Scammers are getting more sophisticated. Be cautious of unsolicited emails, texts, or phone calls asking for personal information. If in doubt, contact the organisation directly using a trusted number.
4. Monitor your accounts:
Regularly check your bank statements, Medicare records, and other important accounts for any unusual activity. The sooner you spot something amiss, the quicker you can act.
5. Stay informed:
Keep up to date with the latest security advice from trusted sources like the Australian Cyber Security Centre.
The silver lining: increased reporting means more awareness
While the rise in reported breaches is alarming, experts say it’s not all bad news. Increased transparency means organisations are getting better at detecting and disclosing breaches, which can help limit the damage and prompt improvements in security.
Have you been affected?
If you think your data may have been compromised, act quickly:
- Change your passwords immediately.
- Contact your bank or relevant institution.
- Consider placing a credit alert with a credit reporting agency.
- Report scams to the Australian Competition and Consumer Commission (ACCC) via Scamwatch.
Your turn: have your say
Have you or someone you know been affected by a data breach? Do you feel confident in your ability to protect your personal information online? What steps do you take to stay safe in the digital age? Share your experiences and tips in the comments below—your story could help others stay one step ahead of the scammers.
Stay safe, stay savvy, and remember: when it comes to your personal data, a little caution goes a long way.