11 Biggest Data Breaches in Australia (Includes 2022 Attacks)

Data breaches in Australia are on the rise, particularly in the financial and healthcare industries. In an effort to disrupt this pernicious trend, the Australian government is revising its cybersecurity frameworks and policies to strengthen resilience against nation-state threat actors.

But Australian businesses cannot solely rely on the government's cybersecurity initiatives. Even the Australian Signals Directorate (ASD) admits that proposed security frameworks only raise the baseline of security. It's up to each individual business to continue lifting this standard with additional data breach prevention controls.

To help Australian businesses avoid some of the common malpractices that facilitate data breaches, we've compiled a list of some of the biggest data breaches in Australia, ranked by magnitude of impact. If you're interested in a global perspective, you can also review the biggest data breaches worldwide.


1. Canva Data Breach


Date: May 2019

Impact: 137 million users

Australian unicorn Canva suffered a monumental data breach impacting 137 million of its users. To put that into perspective, the online design tool currently has about 55 million active monthly users.

A cybercriminal identified as Ghosticplayers breached Canva's defences but was stopped when Canva detected malicious activity in its systems.

Unfortunately, this interception did not happen soon enough. The threat actor had time to access the following user data:

  • User names
  • Real names
  • Email addresses
  • Country data
  • Encrypted passwords
  • Partial payment data

After the cyberattack, Ghosticplayers contacted ZDNet to brag about the successful data breach. This is unusual behavior for cybercriminals, who usually gloat about their cybercrimes on dark web forums.

2. Optus Data Breach


Date: September 2022

Impact: 9.8 million customers

Cybercriminals believed to be working for a state-sponsored operation breached Optus' internal network, compromising personal information impacting up to 9.8 million customers. According to Optus CEO Kelly Bayer, the oldest records in the compromised database could date as far back as 2017.

Personal information in this compromised data set includes:

  • Names
  • Birth dates
  • Addresses
  • Phone numbers
  • Passports and driver's license numbers (in some cases)

It's speculated that the criminal group gained access through an unauthenticated API endpoint, meaning that no username/password or any other authentication method was required to connect to the API.

The alleged details of the Optus data breach as revealed by a cybercriminal claiming responsibility - Source: Twitter - Jeremy Kirk.

If the cybercriminals are confirmed to be state-sponsored, the breach was likely caused by a ransomware attack - a style of attack preferred by such well-financed hacker groups for its high success rates and significant dividends.


Investigations are still underway, and Optus has yet to confirm whether it received a ransomware note from the cybercriminals.

At this point, it isn’t clear whether this breach constitutes a violation of Australian privacy principles. To prevent such a costly conclusion, Optus needs to demonstrate that it took active measures to ensure the protection of all customer data from data breach attempts - a decision for the privacy commissioner to make.

Read the news article by TechCrunch about this Optus data breach event.


3. ProctorU Data Breach


Date: July 2020

Impact: 444,000 people

Sensitive information belonging to ProctorU, an online proctoring service for remote students, was leaked online for free on a dark web hacking forum. This incident was part of a larger data leak impacting 18 different companies and exposing a total of 386 million records.

The compromised database of 444,000 records included user records with email addresses belonging to:

  • The University of Sydney
  • The University of New South Wales
  • The University of Melbourne
  • The University of Queensland
  • The University of Tasmania
  • James Cook University
  • Swinburne University of Technology
  • The University of Western Australia
  • Curtin University
  • The University of Adelaide

It is unknown how many of the 444,000 records relate to Australian universities.

ProctorU said that no financial information was compromised in the breach.


4. Australian National University (ANU) Data Breach


Date: November 2018

Impact: 200,000 students

The Australian National University (ANU) fell victim to a highly sophisticated cyber attack that shocked even the most experienced Australian security experts.

Cyber attackers accessed sensitive information dating as far back as 19 years. The following information was stolen:

  • Names
  • Addresses
  • Phone numbers
  • Dates of birth
  • Emergency contact details
  • Tax file numbers
  • Payroll information
  • Bank account details
  • Student academic results

The attackers deployed four spear-phishing campaigns to harvest network access credentials from staff. Each successful phishing attack granted them deeper levels of access until the University's Enterprise Systems Domain (ESD) was breached.

This is where the University's most sensitive records were stored.

The attackers worked meticulously to cover their tracks. They instantly deleted access logs and used the anonymity software Tor to obfuscate their location details.

ANU finally discovered the attack in April 2019.

5. Eastern Health Data Breach


Date: March 2021

Impact: 4 hospitals

Eastern Health, an operator of 4 Melbourne hospitals, fell victim to a cyberattack causing certain elective surgeries to be postponed.

The nature of the cyber attack is unknown, but it's suspected to have been a ransomware attack. This is likely to be true since, according to the Australian Cyber Security Centre (ACSC), ransomware attacks targeting the Australian health sector are growing.

Eastern Health assured the public that no patient data was compromised in the attack.


6. Service NSW Data Breach


Date: April 2020

Impact: 104,000 people

47 Service NSW staff email accounts were hacked through a series of phishing attacks. This led to 5 million documents being accessed, 10 percent of which contained sensitive data impacting 104,000 people.

A major contributing factor to the seamless breach was the lack of multi-factor authentication.

7. Melbourne Heart Group Data Breach


Date: February 2019

Impact: 15,000 patients

Melbourne Heart Group, a specialist cardiology unit in Cabrini Hospital, fell victim to a ransomware attack impacting 15,000 patient files.

Ransomware attacks are still classified as data breaches because cybercriminals access sensitive data and hold it hostage unless a ransom price is paid. This data breach compromised personal patient details and medical data, exposing victims to potential phishing attacks and identity theft.

Melbourne Heart Group was locked out of its compromised data for almost 3 weeks.

A spokesperson for the cardiology unit said that no sensitive data was leaked while it was in possession of the cybercriminals.

But such a claim assumes ransomware criminals are true to their promise that damages will be completely reversed if demands are obeyed.

Melbourne Heart Group reportedly paid the bitcoin ransom.

Most of the encrypted files were restored, but not all of them.

8. Australian Parliament House Data Breach


Date: February 2019

Impact: Multiple political party networks - Liberal, Labor, and the Nationals.

Australian Parliament House networks were breached by a nation-state criminal group. It's speculated that China was responsible for the attack, as a response to Scott Morrison banning Huawei and ZTE equipment from Australia's 5G network.

The attack resulted in the loss of some data, but according to the head of the Australian Signals Directorate (ASD) Mike Burgess, none of it was classified as sensitive.

"There was a small amount of data taken; none of that was deemed sensitive, but the assessment of that is a matter for the parliament themselves." Mike said at the Foreign Affairs, Defence and Trade Legislation Committee on April 5, 2019.

The cybercriminals used phishing methods to steal employee credentials and gain entry into the government's network. This precursor attack took place on an infected external website that a small number of parliament staff visited.

9. Tasmanian Ambulance Data Breach


Date: January 2021

Impact: Every resident that requested an ambulance between Nov 2020 and Jan 2021.

At the time of the breach, the Tasmanian ambulance was using outdated radio technology to run its communications network. Cyberattackers intercepted the radio data, converted the conversation to text, and posted the stolen data online.

The breached data included the following patient information:

  • HIV status
  • Gender
  • Age
  • Address of each emergency incident.

The website exposing the compromised data has since been taken offline.

10. Northern Territory Government Data Breach


Date: February 2021

Impact: 4400 emails

Personal and business emails across thousands of territories have been leaked following a breach of the Northern Territory's COVID-19 check-in app.

When the app was introduced, NT residents were assured that only Health Department officials and technical support personnel would have access to the collected data.

According to Sue Hawes, the head of the COVID-19 hazard management unit, the data breach was caused by an unintentional error.

11. Western Australian Parliament Data Breach


Date: March 2021

Impact: Unknown

Western Australia parliament's mail server was accessed after a Microsoft Exchange Server vulnerability was exploited. This incident was part of a global cyberattack frenzy exploiting the zero-day vulnerability before Microsoft responded with a patch release.

WA's Executive Manager of Parliamentary Services Rob Hunter said that a forensic audit found no evidence of a data breach. As soon as security teams became aware of the malicious intrusion, they immediately disconnected the targeted email server.

But it's uncertain whether this consolation is true. The lack of transparency into the event is concerning.

The Australian Cyber Security Centre (ACSC) declined to comment about the WA parliament attack but said that many Australian organisations were exposed to potential compromise while their servers remained unpatched.

If the nation-state criminals were as sophisticated as the Prime Minister described them, they may have had enough time to clandestinely exfiltrate some sensitive data, even during such a brief visit.


UpGuard Helps Australian Businesses Prevent Data Breaches

UpGuard helps Australian businesses prevent data breaches by discovering vulnerabilities and data leaks exposing sensitive resources. This detection and remediation capability extends to the entire third-party vendor network.
