The updated dashboard highlights ongoing challenges for organisations in protecting personal information, with cyber incidents continuing to dominate the causes of notifiable breaches. The OAIC noted that malicious or criminal attacks accounted for the majority of notifications, while human error and system faults also remain persistent contributors to privacy risks.
According to the OAIC, the total number of notifications for the first half of 2025 remains consistent with the heightened levels seen throughout 2024. Ransomware and phishing attacks continue to rise, underscoring the increasing sophistication of threat actors targeting Australian entities. The report also shows that credential theft and compromised accounts are now among the leading causes of reported incidents.
While most data breaches impacted fewer than 100 individuals, the OAIC’s data shows that several large-scale breaches affected thousands, and in some cases millions, of Australians. The health, finance, and insurance sectors continue to record the highest volume of notifications, followed closely by government agencies and information technology service providers.
Australian Information Commissioner and Privacy Commissioner Carly Kind said the findings demonstrate the ongoing need for vigilance, resilience, and accountability in managing personal data. She reiterated that privacy and security measures must evolve in line with the increasing complexity of cyber threats and supply-chain vulnerabilities.
The OAIC emphasised that the Notifiable Data Breaches scheme is now well established, and expectations of regulated entities are high. Organisations are urged to take proactive steps to identify and manage risks, maintain current incident response plans, and ensure that data-handling and breach notification procedures are compliant with the Privacy Act 1988.
The new OAIC dashboard for January to June 2025 provides detailed visualisations of data breach trends by sector, cause, and impact. It offers valuable insights for organisations seeking to benchmark their privacy practices and strengthen their information security posture.
With the number and scale of breaches showing no sign of slowing, the message from the OAIC is clear: prevention, rapid detection, and transparent response remain critical to maintaining public trust in Australia’s data protection framework.
