OAIC's Notifiable Data Breaches statistic dashboard

11 November 2025

Hamish Fraser
Partner
Sparke Helmore Lawyers

Hamish Fraser
Partner
Sparke Helmore Lawyers
t: +61 2 9373 3616

Hamish is an accomplished senior technology lawyer with more than 30 years’ experience advising clients on commercial issues and regulatory matters across the information technology and communication industries. Hamish enjoys demystifying the complex interaction of technology and the law.

The Office of the Australian Information Commissioner (OAIC) has created an interactive dashboard of data breach notifications it receives under the Notifiable Data Breach (NDB) Scheme.

The commissioner has for a number of years been releasing snapshots of data breaches for the previous six months, however this new dashboard is intended to 'help reporting entities learn from the experiences of others – those organisations and agencies who have had to notify us of a data breach. We hope the tool is used to improve their own responses and reporting if a data breach occur.’[1]

The dashboard allows users to:

Apply filters such as changing the timeframe, or source of breach, response time or top industry sector.
Click a button to provide further information about the data on the page.
View the chart data as a table.

The dashboard will now be updated every six months.

Some interesting highlights from the dashboard include the following.

Decrease in notifications

The notifications of eligible data breaches were down -10% compared to July to December 2024. Notifications as a result of human error were up with almost all categories trending higher, while malicious attacks were down, most notably in the cyber incident category.

Source of data breaches

Malicious or criminal attacks remain the largest source of data breaches at 59%.

Top 5 reporting sectors

The top 5 sectors to notify data breaches included:

Health service providers - 96
Finance (including superannuation) - 73
Australian Government - 67
Education - 38
Legal, accounting & management services - 37

Top causes of human errors breaches

Personal Information sent to the wrong recipient (email) - 44%
Unauthorised disclosure (unintended release or publication) - 22%
Failure to use BCC when sending email - 9%

Time taken to identify and report breaches

There is an increase in businesses reporting in less than 10 days, showing increased responsiveness and a corresponding decrease in reporting taking longer than 30 days.

Conclusion

The dashboard provides meaningful insight into trends and patterns in relation to data breaches and seems to suggest an improved awareness and responsiveness to cyber risks while human error still serves as a not insignificant issue in data breaches.

[1] Office of the Australian Information Commissioner, media post, 4 November 2025, ‘OAIC launches new dashboard for data breaches,’ OAIC launches new dashboard for data breaches | OAIC.

We would like to acknowledge the contribution of Jasmine Thai.

18-11-2025 | Vinomofo data breach determination - the obligation to take reasonable steps

26-08-2025 | Building public trust and modernising oversight: OAIC's regulatory action priorities for 2025-26

26-08-2025 | Private schools – are you protecting children's personal data? Consider the proposed Privacy Act 1988 Children's Code

06-08-2025 | Chantal Tipene appointed to the Information and Privacy Advisory Committee

30-07-2025 | Key statistics from the FOI financial year that was – 2024/25

14-05-2025 | How do I finalise my reasons for a decision if my FOI matter has deemed?

Media room