OAIC recorded highest ever number of data breaches in 2025

By Joshua Gliddon on Jul 9, 2026 5:43PM
OAIC recorded highest ever number of data breaches in 2025

2025 saw the highest number of data breach notifications being reported to the Office of the Australian Information Commissioner (OAIC) since the mandatory data breach reporting scheme commenced in 2018, the independent agency has revealed this week.

The OAIC received 1,205 data breach notifications in the 2025 calendar year, representing an 8% increase over 2024, where there were 1,112 notifications.

Businesses and Commonwealth government agencies covered by the Privacy Act are required to report any data breach that is likely to result in serious harm to affected individuals under the notifiable data breach scheme.

Cyber hacking remains the primary cause of data breaches reported to the OAIC, with the majority in 2025 attributable to malicious or criminal activity.

Health service providers were the most common segment affected, followed by financial services; the Australian Government; business and professional associations; education; and legal, accounting and management services.

The OAIC has published a new quick reference guide for entities with obligations under the Notifiable Data Breaches (NDB) scheme, outlining the scheme’s requirements and aiming to help organisations determine whether an assessment is required, whether to notify the OAIC and affected individuals, and how to do so.

“The threat posed to Australian businesses and organisations by data breaches is substantial and rising year on year, with 2025 recording the highest number of notifications received in a year since the commencement of the NDB scheme,” said Australian Privacy Commissioner Carly Kind.

“And now with this new guide, entities subject to the Privacy Act will have quick access to essential information needed to act effectively when faced with a potential data breach, when they may be under significant pressure. This will benefit both the entity, and the impacted community.”

The OAIC’s own public research demonstrates that data breaches remain a major privacy concern for the Australian public. The 2026 Australian Community Attitudes to Privacy Survey identified data breaches as the top perceived privacy risk for Australians, with 82% of Australians concerned about the issue, up from 74% in 2023.

In November of last year, the Office of the Australian Information Commissioner (OAIC)  launched a new Notifiable Data Breaches statistics dashboard that allowed the public to access, analyse and benchmark data received under the NDB scheme.

In July of last year, Qantas confirmed that more than a million customers had their phone number, birth date or home address accessed in one of the country's biggest cyber breaches in years, while in August, the OAIC filed civil penalty proceedings in the Federal Court against Optus following the company's 2022 data breach.

Third-party providers were also in the spotlight in 2025, with the NSW Audit Office stating the number of cyber incidents involving systems owned or managed by third parties nearly tripled in 2024, including a rise in data breach occurrences, with data breaches impacting Australian critical infrastructure operators being caused by cyber-attacks exploiting vulnerabilities in third-party platforms also being called out by the Critical Infrastructure Security Centre.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © nextmedia Pty Ltd. All rights reserved.

Add techpartner.news as your trusted source

Tags:

Log in

Email:
Password:
  |  Forgot your password?