Statistics & Reports

What is a personal data breach? 
A personal data breach is defined in section 111(1) of the Law as any incident that meets the following criteria:

• “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed”.  

There will likely be a breach whenever any personal data is accidentally lost, corrupted or disclosed, or if someone accesses it or passes it on without proper authorisation to do so.

Why do breaches need to be reported?
One of the key changes to the local data protection law that came into force in May 2018 is that organisations are legally required to notify the ODPA of any personal data breach within 72 hours of becoming aware of it (see section 42 (2) of the Law). You can report a breach to us here. 

Why does the ODPA publish breach statistics? 
We have published statistics of the number of breach reports we receive, every 2 months since October 2018. Publishing this information allows everyone to benefit from a better understanding of how and why breaches happen and how they can be avoided in future. 
 

Reported Data Breaches

Quarter 3 2024

ODPA releases third quarter breach statistics 40

Quarter 2 2024

Be prepared: what you can learn from local data breaches 39

Quarter 1 2024

Be prepared: what you can learn from local data breaches 42

Quarter 4 2023

ODPA publishes latest personal data breach statistics 39

Quarter 3 2023

ODPA publish latest personal data breach statistics 38

Quarter 2 2023

ODPA publish latest personal data breach statistics 32

Quarter 1 2023

ODPA publish latest personal data breach statistics 38

2 months to 31 December 2022

ODPA publish latest personal data breach statistics 28

2 months to 31 October 2022

Preventative measures help mitigate cyber and human risk 24

2 months to 31 August 2022

ODPA publish latest personal data breach statistics 18

2 months to 30 June 2022

Honest conversations about risk to people’s data needed 28

2 months to 30 April 2022

Most recent personal data breaches occur via email according to latest statistics 26

2 months to 28 February 2022

Complexity of personal data breaches revealed 27

2 months to 31 December 2021

Most breaches caused by human error and cyber criminals 25

2 months to 31 October 2021

Our behaviours must change to protect people’s data 26

2 months to 31 August 2021

Highest number of breach reports since 2019 36

2 months to 30 June 2021

‘Effective, successful and trusted’ organisations benefit from considered breach response 29

2 months to 30 April 2021

ODPA sees similar levels of breaches being reported 32

2 months to 28 February 2021

ODPA highlights incorrect email myths 29

2 months to 31 December 2020

2020’s reported data breaches down 30% on previous year 33

2 months to 31 October 2020

ODPA confirms data breaches still at low levels, mostly accidental 34

2 months to 31 August 2020

Lowest number of data breaches: less data harms, or less engagement? 21

2 months to 30 June 2020

Learning and improvement the route to a culture of compliance 34

2 months to 30 April 2020

Commissioner ‘encouraged’ by consistent breach reporting trend 30

2 months to 29 February 2020

Lowest number of breaches in more than a year 28

2 months to 28 December 2019

Data Protection Commissioner calls for a culture of improvement 48

2 months to 27 Oct 2019

Data breaches: workplace culture change needed 44

2 months to 26 Aug 2019

Human behaviour remains key risk to protecting data 32

2 months to 25 Jun 2019

Data Protection Commissioner cautions against a ‘culture of blame’ 50

2 months to 22 Apr 2019

Human error remains biggest risk in data protection locally 40

2 months to 22 Feb 2019

ODPA report further increase in local data breaches 45

2 months to 18 Dec 2018

Increase in local data breaches 28

2 months to 18 Oct 2018

ODPC offers advice after increase in local data breaches 26