Dashboard Tool Maps Data Breach Landscape
The Office of the Australian Information Commissioner (OAIC) has launched a new interactive dashboard that transforms how organisations access and analyse data breach statistics, while revealing a 10% decrease in breaches for January-June 2025.
The Notifiable Data Breaches (NDB) statistics dashboard, unveiled today, enables users to benchmark data breach trends, assess impacts, and understand sector-specific vulnerabilities through a more dynamic interface than previous static reports.
Privacy Commissioner Carly Kind said the dashboard demonstrates the OAIC's commitment to harness data for both education and enforcement purposes.
"Our goal for the new NDB dashboard is to help reporting entities learn from the experiences of others – those organisations and agencies who have had to notify us of a data breach," Commissioner Kind said.
The latest statistics show the OAIC received 532 data breach notifications in the first half of 2025, down from the previous six-month period but still indicating significant ongoing privacy risks.
Malicious or criminal attacks remained the primary source of data breaches at 59% (308 notifications), while the health sector continues to report the highest number of breaches (18%), followed by finance (14%) and Australian Government agencies (13%).
"The threat of data breaches, especially through the efforts of malicious actors, is unlikely to diminish, so we want to arm entities with data to help them keep personal information secure," Commissioner Kind said.
In her blog post accompanying the dashboard launch, Kind emphasised the importance of effective oversight when outsourcing personal information handling, stating that organisations must ensure "contractual arrangements specify accountabilities in the event of data breaches that involve multiple parties."
The dashboard builds on the OAIC's six years of experience with the NDB scheme and signals a shift toward more data-driven regulatory action, with the dashboard being updated semi-annually.
Under the NDB scheme, organisations must notify affected individuals and the OAIC when personal information has been compromised in ways likely to result in serious harm, taking reasonable steps to conduct assessments within 30 days of suspected breaches.
The OAIC has published guidance on securing personal information and data breach preparation, as well as advice for individuals responding to data breach notifications.