The number of data breach reports in Australia went up by 25 per cent in 2024 compared to the previous year.
The 1,113 breaches recorded were mainly experienced by health service providers and the government, according to a report published on Tuesday by the Office of the Australian Information Commissioner (OAIC).
The latest Notifiable Data Breaches Report: July to December 2024 found 69 per cent of the data breaches were due to malicious or criminal attacks, with 29 per cent derived from human error.
Annan Boag, general manager, regulatory intelligence and strategy for the OAIC said the data reflects the "continuing information security challenges" Australia has faced since reporting began in 2018.
"Cyber risk is increasingly sophisticated and even entities with the strongest defences may experience a data breach," he said in a statement.
What does the data show?
Data presented in the report reveals that most personal information compromised in the breaches was contact information, followed by identity information, financial details and health information.
The majority of reported breaches affected fewer than 5,000 people each, but two breaches impacted between 500,000 and one million people.
The sectors that reported the highest number of data breaches were health service providers, followed by the Australian government and finance.
Source: SBS News
Source: SBS News
Australians lost nearly $319 million in 2024 to hundreds of thousands of scams, with investment scams the most financially damaging, according to the Australian Competition and Consumer Commission.
, which cost Australians over $23 million last year, with scammers using increasingly sophisticated tactics to deceive victims.
Professor Toby Murray, from the school of computing and information systems at the University of Melbourne, said the overall trends were not surprising.
"There is increased malicious activity, there's more hacking going on, there's more data being stolen. Some of that's because there's just more data," he told SBS News.
"Businesses are collecting more and more data, and it's more and more valuable. And so, there's more reason for malicious actors to want to steal that data."
However, he also said increased reporting could be a good thing, as it represents that data breaches are becoming more detectable than in previous years.
Health sector a 'sensitive area'
Murray added it's hard to determine why health service providers reported the highest number of data breaches, but indicated there are major challenges the sector faces.
"Often the data that is being collected and managed in healthcare settings is not only quite private and personal, but it's often stored in a range of different systems," he said.
"Getting all of those systems to work well together where there aren't security holes is, of course, a major challenge, especially in an area like health where the volume and the different types of data that are being managed there are so wide."
Once data has been stolen, criminals might then attempt to ransom that information back to the entities it was stolen from, Murray explained.
Source: SBS News
Data from the Australian Institute of Health and Welfare reveals that in 2022-23, over 22 million people had at least one Medicare-subsidised general practitioner attendance.
In a statement on 5 March, federal health minister Mark Butler said a total of 14.7 million Australians hold private health insurance cover and accessed more than $23.5 billion in health and medical benefits paid by insurers in 2023.
What can you do about it?
While the responsibility largely falls to the organisations storing your data, like hospitals and government agencies, there are steps you can take to improve your data security.
"One way to guard against that sort of threat is to make sure that you have got two-factor authentication enabled for your online accounts. And that's something that we are seeing increasingly being offered by organisations and being taken up by consumers," Murray said.
"The other thing that individuals can do is make sure that they are not reusing the same passwords for multiple websites.
"Having different logins means that if one of your passwords is compromised, you can reduce the chance of a hacker logging in with that same password elsewhere and causing further damage."
