Reduction in ‘high-risk’ breaches as ODPA releases latest statistics

The Office of the Data Protection Authority (ODPA) has released personal data breach statistics for Q2 2025. 

Quarterly breach statistics

The ODPA saw a similar number of self-reported personal data breaches in the second quarter compared to the first, but the average severity was lower than earlier in the year. 

The ODPA processed a total of 52 self-reported breaches in the second quarter, following 53 in the first. 

Eight of the cases were graded as high-risk, down from fourteen in the prior period. 

The most common type of self-reported breach was personal data being sent to the incorrect email recipient. 

Case study: 

One personal data breach involved patient confidentiality. A member of the public had asked for details of a medical referral on behalf of a family member.

These were provided verbally despite the fact that it was not clear whether the family member was authorised to request this information on the patient’s behalf.

This case study highlights the importance of proper authorisation when sharing information about a third party, even if the requester is a verified family member.