Australia had the highest “data breach density” in the world as of the fourth quarter, according to new data compiled by Surfshark.
On average, 7387 user accounts were leaked per 100,000 Australians during the first two months of this quarter, making its breach density 24 times higher than the global average, the privacy protection firm claimed.
Second came Russia (2568 accounts per 100,000), followed by Turkey (2421 per 100,000).
These figures are largely down to the Medibank breach, among Australia’s largest ever, which Surfshark said exposed nearly 1.8 million email accounts and comes second only to the 2020 Wattpad breach, which exposed 2.45 million accounts.
However, other reports claimed as many as five million Medibank customers were impacted by the breach.
So far this quarter an average of 22 Australian accounts have been breached every minute, versus just two in the previous quarter. This is mostly down to the 1.88 million Australian user profiles stolen during October and November – which itself is up from 300,000 in Q3 2022, Surfshark said.
This is a 489% increase – Australia’s highest quarterly spike in data breach count this decade, the firm claimed.
It’s also bucking the global trend, according to Surfshark lead researcher, Agneska Sablovskaja.
“Globally, data breaches have gone down by 70.8% from October to November. In Australia, however, data breaches have surged by 1550% – from 107,659 in October to 1,776,065 in November,” she added.
The Medibank incident saw hackers steal records featuring names, addresses, dates of birth, Medicare numbers, policy numbers, phone numbers, claims data and even passport numbers for some international students.
After failing to extort the insurer, they dumped it all online. The firm is now the subject of an investigation by the Australian privacy watchdog and the case sparked new legislation in the country that will mean businesses are fined $50m for repeat or serious data breaches.
However, Australia is still only 16th in the world by total data breach count, according to Surfshark. Since 2004, the country has had 125.8 million accounts breached versus 9.73 billion in the US, it claimed.