The Complete List of

Data Breaches In Australia
For 2018 – 2024

Each year in Australia there are thousands of cyber breaches to businesses. While most of these breaches affect smaller businesses, occasionally there are “major” cyber breaches that impact large organisations and a huge number of people.

For Australian businesses, knowing how these cyber breaches occurred can help them protect their own data by ensuring they don’t allow the same thing happen to them. Below, we’ve listed the major cyber breaches in Australia that have had the biggest impact on the largest number of people.

Know of a Data Breach to Add?

Let us know using the form below!
  • This field is for validation purposes and should be left unchanged.

What Is A Data Breach?

A data breach occurs when confidential, private, or other sensitive information is accessed without authorisation or is lost. A data breach can occur accidentally, or as a result of a deliberate attack.

2024 DATA
BREACH LIST

2023 DATA
BREACH LIST

2022 DATA
BREACH LIST

2021 DATA
BREACH LIST

2020 DATA
BREACH LIST

2019 DATA
BREACH LIST

2018 DATA
BREACH LIST

The 2024

Data Breach
Notifications in Australia

ACT Container Deposit Scheme – March 2024

OAIC Notifiable Data Breaches Report – March 2024

American Express – March 2024

Royal Australian College of General Practitioners – March 2024

Nissan – March 2024

GaP Solutions – March 2024

HVD.HOST – March 2024

Epic Games – February 2024

The Department of Communities – February 2024

Hacker offers the personal details of 25m Aussies for sale – February 2024

Microsoft – February 2024

Microsoft Azure – February 2024

Villis Bakery – February 2024

Tangerine Telecom – February 2024

Kadac Australia – February 2024

Balmain – February 2024

Australian Human Resources Institute – February 2024

AnyDesk – February 2024

Elite Supplements – February 2024

Cloudflare – February 2024

Europcar – February 2024

Central Coast Council – February 2024

Football Australia – February 2024

Canberra Medical Centre – January 2024

LinkedIn, Adobe, Twitter and More – January 2024

Quantum Radiology – January 2024

Nissan Australia – January 2024

Hal Leonard Australia – January 2024

Binge, Dan Murphys, Guzman y Gomez, The Iconic -January 2024

Labour – January 2024

The Iconic – January 2024

Inspiring Vacations – January 2024

Court Services Australia – January 2024

Yakult Australia – January 2024

Eagers Automotive – January 2024

The 2023

Data Breach
Notifications in Australia

23andMe – December 2023

NSW Eastern Suburb Libraries – December 2023

Yakult Australia – December 2023

TikTok – December 2023

St Vincent’s Health – December 2023

Melbourne Arts Centre – December 2023

Qld Rural Fire Service – December 2023

University of Wollongong – December 2023

ASIC – December 2023

The Department for Child Protection said Aboriginal Family Support Services (AFSS) – December 2023

Top Health Doctors West End – December 2023

Certis Security Australia – November 2023

Australian Clinical Labs – November 2023

NDIA – November 2023

Samsung – November 2023

Australian Signals Directorate’s 2022/23 Cyber Threat Report – November 2023

DP World – November 2023

TissuPath – November 2023

Alfred Health – November 2023

Digital Patient Pathways – October 2023

Personify Care – October 2023

Super SA – October 2023

Royal Women’s Hospital Parkville – October 2023

Sony – October 2023

Network Pacific Real Estate – October 2023

HWL Ebsworth – September 2023

Pizza Hut – September 2023

Australian Federal Police, HWL Ebsworth – September 2023

Dymocks – September 2023

University of Sydney – August 2023

American Express – August 2023

Pareto Phone – August 2023

auDA – August 2023

Tesla – August 2023

Judo Bank & REX – August 2023

Department of Veterans’ Affairs – August 2023

Top 10 Countries Being Bombarded by Data Breaches – August 2023

MOVEit – August 2023

ChatGPT – July 2023

Victorian State Government – July 2023

myGov – July 2023

NDIS | HWL Ebsworth – July 2023

Paypal – July 2023

Department of Home Affairs – July 2023

SA Liberal Party – July 2023

Parks Victoria – July 2023

Notifiable Data Breaches Report July to December 2023

Perpetual – June 2023

LG Energy Solution Australia & Solar Service Guys – June 2023

Australian Defence Force – June 2023

SmartPay – June 2023

PwC – June 2023

Port Arthur Library – June 2023

ACT Government – June 2023

Fire Rescue Victoria – May 2023

SuperVPN – May 2023

NT Government – May 2023

Toyota – May 2023

Ambulance Victoria – May 2023

Medibank – May 2023

HWL Ebsworth – May 2023

NAB Business & Consumer Insights – April 2023

Amnesty International Australia – April 2023

Optus – April 2023

Afterpay – April 2023

Spruson and Ferguson – April 2023

Coles – April 2023

Service NSW – April 2023

MSI – April 2023

TAFE – April 2023

Tasmanian Government – March 2023

Meriton – March 2023

Crown Resorts – March 2023

Canberra Health Services – March 2023

iD Tech – March 2023

Rio Tinto – March 2023

QIMR Berghofer – March 2023

Latitude – March 2023

NSW Health – March 2023

CBA – March 2023

The Good Guys – February 2023

Guardian Australia – February 2023

JD Sports – February 2023

GoTo – January 2023

Mount Lilydale Mercy College – January 2023

QUT – January 2023

PayPal – January 2023

Norton LifeLock – January 2023

The 2022

Data Breach
Notifications in Australia

Fire Rescue Victoria – December 2022

LastPass – December 2022

TPG Telecom – December 2022

State Office of Victoria – December 2022

LJ Hooker – December 2022

Telstra – December 2022

Twitter – November 2022

WhatsApp – November 2022

The Smith Family – November 2022

Harcourts – November 2022

Victorian Government | PNORS Technology Group – November 2022

BWX (Flora & Fauna) – November 2022

SSKB – October 2022

Microsoft – October 2022

AFP – October 2022

Vinomofo – October 2022

Medibank – October 2022

Woolworths MyDeal – October 2022

North Face – September 2022

Optus – September 2022

Uber – September 2022

Fremantle Football Club – September 2022

TikTok – September 2022

LastPass – August 2022

DoorDash – August 2022

Facebook – August 2022

WA Health – August 2022

Cisco – August 2022

Twitter – August 2022

University of Western Australia – August 2022

Neopets – July 2022

Uber – July 2022

Perth Festival, Black Swan State Theatre Company – July 2022

Victorian Government – July 2022

Woolworths – July 2022

Marriott – July 2022

Mangatoon – July 2022

China Police – July 2022

Deakin University – July 2022

AMD – July 2022

OpenSea – July 2022

iCare – June 2022

Department of Home Affairs – May 2022

NDIS – May 2022

Spirit Super – May 2022

APAC – May 2022

Facebook – May 2022

South Australian Government – May 2022

National Tertiary Education Union – May 2022

Transport for NSW – May 2022

SuperVPN, GeckoVPN, ChatVPN – April 2022

Coca-Cola – April 2022

Top Data Breaches and Cyber Attacks of 2022

Panasonic – April 2022

Block (ASX:SQ2) – April 2022

Warrnambool Council – March 2022

OKTA – March 2022

Microsoft – March 2022

Ubisoft – March 2022

Nvidia – March 2022

Samsung – March 2022

Australian Data Breaches Report

Toyota Motor – March 2022

Medlab Pathology – February 2022

OAIC Report – February 2022

NSW Government – February 2022

News Corp – February 2022

CFMMEUR – February 2022

Crypto.com – January 2022

Red Cross Australia – January 2022

TfNSW (Accellion) – January 2022

FlexBooker – January 2022

Bunnings – January 2022

The 2021

Data Breach
Notifications in Australia

Lastpass – December 2021

Ubisoft – December 2021

Huawei – December 2021

Victoria Police – December 2021

Finite Recruitment – December 2021

SA Government – December 2021

Gravatar – December 2021

Panasonic – November 2021

ACT Government – November 2021

Tabcorp – November 2021

Australia’s Copyright Agency – November 2021

GoDaddy – November 2021

South Australian Ambulance Service – November 2021

Sunwater – November 2021

mySA Gov – November 2021

Twitch – October 2021

AI Dungeon – September 2021

Accenture – August 2021

FIFA21 – August 2021

Optus – 2019 Update

SafeWA – August 2021

Melbourne City Mission and the Department of Health and Human Services – 2017 Update

Uber – 2016 Update

NSW Department of Education – July 2021

Tasmanian State Growth – July 2021

LimeVPN – July 2021

Morningstar – June 2021

LinkedIn – June 2021

Carnival Cruises – June 2021

Uniting Communities – June 2021

Ray White – June 2021

NSW Health – June 2021

Air India – May 2021

TPG – May 2021

NAB 2019 – April 2021

UnitingCare Queensland – April 2021

Swinburne University – April 2021

Ubiquiti – April 2021

Shanghai Security Database – April 2021

Facebook – April 2021

Eastern Health – March 2021

WA Parliamentary Email Network – March 2021

Microsoft – March 2021

SITA – March 2021

Minister’s Private Email Accounts – February 2021

Transport for NSW – February 2021

SingTel – February 2021

Accellion – February 2021

NT Health – February 2021

QIMR Berghofer Medical Research Institute – February 2021

Service NSW – 2020 Update

Oxfam – February 2021

ASIC – January 2021

Tasmanian Ambulance – January 2021

The 2020

Data Breach
Notifications in Australia

OAIC – 2020

Nintendo Switch – December 2020

Ledger – December 2020

Spotify – December 2020

FireEye – December 2020

NSW State Transit Authority – December 2020

Flight Centre – 2017, reported December 2020

BTC Markets – December 2020

Levitas Capital – November 2020

Law in Order – November 2020

Sophos – November 2020

Wildworks – November 2020

Capcom – November 2020

Prestige Software – November 2020

Blackbaud – November 2020

Nitro PDF – October 2020

Spotless – October 2020

DFAT – September 2020

CloudBees CodeShip – September 2020

Scouts Victoria – September 2020

Activision – September 2020

University of Tasmania – September 2020

Royal Queensland Yacht Squadron – September 2020

Zhenhua Data – September 2020

Telmate – September 2020

K7Maths – September 2020

Transport for NSW – August 2020

Freepik – August 2020

Tik Tok, Instagram & YouTube – August 2020

RI Advice Group – August 2020

Canon – August 2020

ACT Public Schools – August 2020

Visa Europe Ltd – August 2020

Carnival Corporation – August 2020

Intel – August 2020

Australian Universities – August 2020

Instacart – July 2020

Garmin – July 2020

City of Darwin – July 2020

WA Department of Health – July 2020

VPN – July 2020

Fraudulent Cryptocurrency Scheme – June 2020

TikTok – June 2020

Twitter – June 2020

Google Chrome – June 2020

Australia – June 2020

Fisher & Paykel – June 2020

Avon – June 2020

Lion – June 2020

Noni B – June 2020

Babylon Health – June 2020

Joomla – June 2020

AFL Fan Website – May 2020

IN SPORT – May 2020

My Health Record – May 2020

Service NSW – May 2020

BlueScope Steel – May 2020

GoDaddy – May 2020

WA Police Force – April 2020

Optus – April 2020

Facebook – April 2020

Apple – April 2020

Zoom – April 2020

Marriott – April 2020

Federal Court – March 2020

Houseparty – March 2020

Chubb – March 2020

Norwegian Cruise Line – March 2020

Microsoft Teams and Zoom – March 2020

Henning Harders – March 2020

Melbourne TAFE – March 2020

Australian Department of Defence – March 2020

Nord VPN – March 2020

Alinta Energy – March 2020

Clearview AI – February 2020

Talman – February 2020

Samsung – February 2020

MGM – February 2020

Slickwraps – February 2020

Smartwatch – February 2020

Toll – February 2020

Yarra Trams – February 2020

Perth Mint – January 2020

Microsoft – January 2020

LabCorp – January 2020

I.M.L. SLU, the parent company of ImLive and PussyCash – January 2020

P&N Bank – January 2020

Travelex – January 2020

Amazon – January 2020

Wyze – January 2020

  • How To Protect Your Wyze Account After The Recent Data Breach – A recent security breach has leaked the information of over 2.4 million Wyze security camera users. The compromised database was left unsecured and publically accessible, and it appears that the information was being collected and stored by the Alibaba cloud computing company in China.\

The 2019

Data Breach
Notifications in Australia

Plenty of Fish (PoF) – December 2019

Primus Realty – December 2019

Amazon Ring – December 2019

Vistaprint – December 2019

  • 800 Australians in Vistaprint data breach – Web-to-print giant Vistaprint has discovered around 800 of its Australian customers were on the online data breach first revealed in an Australia-exclusive by Print21 last week, and at the time thought to not include any local customers.

Monash IVF Group – December 2019

ANU – November 2019

Nord VPN Breach – November 2019

AIS, Sport Australia – November 2019

ZoneAlarm – November 2019

Monash IVF Group – November 2019

NSW Labor Headquarters – November 2019

Adobe – October 2019

GET – October 2019

Google – October 2019

Optus – October 2019

Sydney IT Contractor – October 2019

Victorian Hospitals – October 2019

Zynga – October 2019

DoorDash – September 2019

Get – September 2019

TGI Fridays – September 2019

Web.com – August 2019

Imperva – August 2019

PAY ID – August 2019

BUPA – Sonic HealthPlus (SHP) – August 2019

Myki – August 2019

TAFE NSW – August 2019

Cloud Union – New Zealand – August 2019

Air New Zealand – August 2019

Neoclinical – August 2019

Sephora – July 2019

AAMC Loss Assessor – July 2019

NAB – July 2019

Equifax – July 2019

MYOB – July 2019

Commonwealth Bank – July 2019

British Airways – July 2019

Queensland Health – July 2019

MEGT & Ability English – July 2019

Insurance House – June 2019

GeelongPort – June 2019

Nagle Catholic College WA – June 2019

Specsavers Qld – June 2019

Symantec – June 2019

Australian Catholic University – June 2019

Revenue NSW – June 2019

Australian National University – June 2019

Microsoft – May 2019

Princess Polly – May 2019

Canva – May 2019

Instagram – May 2019

CCH software – May 2019

Binance – May 2019

Twitter – May 2019

WhatsApp – May 2019

WPA3 Dragonfly – April 2019

Wipro – April 2019

Speedrun.com – April 2019

Australia Post – March 2019

ASUS – March 2019

Bank of Queensland – March 2019

Kathmandu – March 2019

Citrix – March 2019

Melbourne Hospital – February 2019

CoffeeMeetsBagel – February 2019

9Honey – February 2019

Toyota Australia – February 2019

AMP – February 2019

LandMark White – February 2019

Department of Parliamentary Services – February 2019

Bunnings – February 2019

Facebook – January 2019

Global Hacking Scare – January 2019

SkoolBag – January 2019

Optus – January 2019

Collection #1 – January 2019

Fisheries Queensland – January 2019

First National Real Estate – January 2019

Department of Planning and Environment, NSW Major Projects – January 2019

Victorian Government – January 2019

Marriott Hotel Group / Starwood – January 2019

Early Warning Network – January 2019

Big W – January 2019

Hawthorn Football Club – January 2019

Nova Entertainment – January 2019

My Health Records – January 2019

Victorian Public Servants – January 2019

The 2018

Data Breach
Notifications in Australia

Commonwealth Bank – December 2018

Humble Bundle – December 2018

News Corp – December 2018

Marriott’s Hotels – December 2018

Dell – November 2018

Victoria’s Emergency Services – November 2018

Amazon – November 2018

PageUp People – November 2018 Update

Federal Group Hotel – November 2018

Under Armour’s MyFitnessPal App – November 2018

Austal – October 2018

Facebook – September 2018

Perth Mint – September 2018

RCR Tomlinson Engineering – August 2018

Strathmore Secondary College – August 2018

Airport Security Identity Cards (ASICs) – July 2018

MY Health Record – July 2018

Townsville City Council [Typeform] –  July 2018

Timehop App – July 2018

Cairns council hit by data breach [Typeform] | July 2018

PEXA – National e-conveyancing platform – July 2018

Australian National University – July 2018

Airtasker – July 2018

Bakers Delight – July 2018

Tasmanian Electoral Commission – July 2018

Ticketmaster – June 2018

HealthEngine – June 2018

Flightradar24 – June 2018

PageUp People – June 2018

MyHeritage – June 2018

Family Planning NSW – May 2018

Svitzer Australia – March 2018

GoGet – January 2018

Cyber Liability Insurance:
The Ultimate Guide For Businesses

Click Here To See How To Protect Your Business With Cyber Insurance