There were 954 total data breach notifications under the Notifiable Data Breaches (NDB) scheme in one year, according to the NDB Scheme 12-Month Insights Report

There was a 712 percent increase in notifications since the introduction of the NDB scheme. The NDB scheme came into effect in the 30th year of operation of the Privacy Act. Along with the Privacy (Australian Government Agencies—Governance) APP Code 2017 (also introduced in 2018), the NDB scheme was a significant reform, providing greater transparency and accountability for personal information handling in Australia.

Key findings include: 

  • 60 percent of data breaches were malicious or criminal acts. 
  • 153 number of breaches were attributed to phishing and spear phishing. 
  • 28 percent of cyber attacks were incidents where credentials were obtained by unknown means. 
  • 83 percent of data breaches affected fewer than 1,000 people. 
  • 25 percent of data breach notifications were attributed to human error. 
  • 55 percent of health sector data breaches were due to human error. 
  • 41 percent of the finance sector data breaches were due to human errors. 
  • 86 percent of notifications involved contact information disclosure.