Data Breach Alerts Hit Record High in 2025, NDB Reports

Newly published statistics reveal that 2025 saw the highest number of data breach notification being reported to the Office of the Australian Information Commissioner (OAIC) since the mandatory data breach reporting scheme commenced in 2018. The OAIC received 1,205 data breach notifications in the 2025 calendar year, representing an 8% increase over 2024 (1,112 notifications).

Businesses and Commonwealth government agencies covered by the Privacy Act are required to report any data breach that is likely to result in serious harm to affected individuals under the notifiable data breach scheme.

Cyber hacking remains the primary cause of data breaches reported to the OAIC. Of the 1,205 data breaches notified in 2025, the majority were attributable to malicious or criminal activity (716 notifications), with health service providers the most commonly affected, and accounting for 19% of the total or 225 notifications.

Financial services (157 notifications), the Australian Government (118 notifications), business and professional associations (103 notifications), education (81 notifications) and legal, accounting and management services (81 notifications) followed, ranking as the top 5 sectors by volume for data breach notifications.

Acknowledging the growing number of entities reporting under the scheme, OAIC has published a new quick reference guide for entities with obligations under the Notifiable Data Breaches (NDB) scheme. This practical guide outlines the scheme's requirements, helping to determine whether an assessment is required, whether to notify the OAIC and affected individuals, and how to do so. This tool is available both as an interactive webpage, and as a downloadable interactive checklist. "The threat posed to Australian businesses and organisations by data breaches is substantial and rising year on year, with 2025 recording the highest number of notifications received in a year since the commencement of the NDB scheme," said Australian Privacy Commissioner Carly Kind.

"And now with this new guide, entities subject to the Privacy Act will have quick access to essential information needed to act effectively when faced with a potential data breach, when they may be under significant pressure. This will benefit both the entity, and the impacted community."

The OAIC's own public research demonstrates that data breaches remain a major privacy concern for the Australian public. The 2026 Australian Community Attitudes to Privacy Survey (ACAPS) identified data breaches as the top perceived privacy risk for Australians, with 82% of Australians concerned about the issue, up from 74% in 2023.

Background

/Public Release. This material from the originating organization/author(s) might be of the point-in-time nature, and edited for clarity, style and length. Mirage.News does not take institutional positions or sides, and all views, positions, and conclusions expressed herein are solely those of the author(s).View in full here.