Surge in Australian Data Breaches and Cybersecurity Risks in 2025-2026

Severity: High (Score: 69.5)

Sources: Businessday.Ng, Cyble

Summary

Australia has seen a significant rise in data breaches, with 71 reported incidents from January to early October 2025, a 48% increase from the previous year. This trend indicates a shift from isolated breaches to industrialized data theft, where stolen data is packaged and sold on dark web marketplaces. The increase in breaches highlights vulnerabilities in both large and small organizations, as attackers exploit third-party vendors and employee-related weaknesses. Major incidents include the 2023 MGM Resorts breach, which disrupted operations through social engineering tactics. The current landscape suggests that many breaches go unreported, indicating a potentially larger scale of exposure. Cybersecurity experts recommend stronger security practices and employee training to mitigate risks. The 2017 Equifax breach remains a notable example of the severe consequences of unpatched vulnerabilities. Key Points: • Australia reported 71 data breaches in 2025, a 48% increase from 2024. • Cybercriminals are now packaging stolen data into composite breach packages for resale. • Employee vulnerabilities and third-party vendor exploits are common entry points for attackers.

Key Entities

• Data Breach (attack_type)
• Phishing (attack_type)
• Ransomware (attack_type)
• Supply Chain Attack (attack_type)
• Operation HumanitarianBait (campaign)
• Change Healthcare (company)
• Equifax (company)
• Meta (company)
• MGM Resorts (company)
• Nigeria (country)
• CWE-200 - Exposure of Sensitive Information (cwe)
• CWE-287 - Improper Authentication (cwe)
• CWE-862 - Missing Authorization (cwe)
• Government (industry)
• Healthcare (industry)
• T1041 - Exfiltration Over C2 Channel (mitre_attack)
• T1195 - Supply Chain Compromise (mitre_attack)
• T1566 - Phishing (mitre_attack)
• T1567 - Exfiltration Over Web Service (mitre_attack)
• WannaCry (ransomware_group)