Notifiable Data Breaches (OAIC)
Last updated: 2026-04-01 07:21 UTC
Statistics from the Office of the Australian Information Commissioner Notifiable Data Breaches (NDB) scheme.
Trend Overview
| Period | Total | Malicious Attacks | Human Error | System Faults |
| Jul-Dec 2023 | 483 | 310 | 144 | 29 |
| Jan-Jun 2023 | 409 | 264 | 123 | 22 |
| Jul-Dec 2022 | 497 | 350 | 123 | 24 |
| Jan-Jun 2022 | 396 | 250 | 123 | 23 |
| Jul-Dec 2021 | 464 | 277 | 153 | 34 |
| Jan-Jun 2021 | 446 | 289 | 134 | 23 |
Latest Period: Jul-Dec 2023
Top Affected Sectors
| Sector | Notifications |
| Health service providers | 104 |
| Finance | 49 |
| Australian Government | 42 |
| Insurance | 35 |
| Education | 33 |
Breach Types
| Type | Count |
| Cyber Incident | 203 |
| Ransomware | 42 |
| Phishing | 56 |
| Compromised Credentials | 52 |
| Social Engineering | 18 |
| Other Malicious | 29 |
| Human Error Disclosure | 95 |
| Human Error Loss | 12 |
| System Fault | 29 |
Scale of Breaches (Individuals Affected)
| Range | Notifications |
| 1-100 | 249 |
| 101-1000 | 97 |
| 1001-10000 | 51 |
| 10001-100000 | 27 |
| 100000+ | 12 |
Notable Australian Data Breaches
| Entity | Date | Records | Attack Type |
| Optus | September 2022 | 9,800,000 | API vulnerability exploitation |
| Medibank | October 2022 | 9,700,000 | Compromised credentials, ransomware (REvil affiliate) |
| Latitude Financial | March 2023 | 14,000,000 | Compromised employee credentials |
| HWL Ebsworth | April 2023 | 2,700,000 | ALPHV/BlackCat ransomware |
| DP World Australia | November 2023 | Unknown | Network intrusion (disrupted port operations for 3 days) |
| Court Services Victoria | January 2024 | Unknown | Ransomware (Qilin) |
| MediSecure | May 2024 | 12,900,000 | Ransomware |
Data sourced from OAIC NDB publications. Updated when new OAIC reports are published.