The Office of the Australian Information Commissioner (OAIC) has released its Notifiable data breaches report July to December 2022.

The Office of the Australian Information Commissioner (OAIC) has released its Notifiable data breaches report July to December 2022.

Australian Information Commissioner and Privacy Commissioner Angelene Falk said cyber security incidents in particular can have significant impacts on individuals, and organisations need to be alert to the risks.

The OAIC’s twice-yearly reports draw out the industry sectors that report the most breaches, the sources of breaches and areas for improved practice.

The latest report shows several large-scale data breaches impacted millions of Australians’ personal information in the second half of 2022, as part of a 26% increase in breaches overall.

Forty-five per cent of breaches resulted from cyber security incidents (222 notifications), of which the most common cause was ransomware (64 notifications).

The health sector remains the highest reporting industry sector (71 notifications; 14% of all breaches), followed by finance (68 notifications; also 14% of all breaches).

You can read the report and our media release the OAIC website.


Key statistics

  • 497 breaches were notified compared with 393 in January to June 2022 – a 26% increase.
  • There was a 41% increase in data breaches resulting from malicious or criminal attacks. Malicious or criminal attacks accounted for 350 notifications – 70% of all notifications.
  • Human error was the cause of 123 notifications (25% of all notifications), down 5% in number from 129.
  • Of all sectors, health reported the most breaches (71), followed by finance (68).
  • Contact information remains the most common type of personal information involved in breaches.
  • The majority (88%) of breaches affected 5,000 individuals or fewer.  
  • 71% of entities notified the OAIC within 30 days of becoming aware of an incident.