Australia has recorded nearly 400,000 compromised online accounts in the first three months of 2025 (Q1 2025), making it one of the more heavily impacted countries globally by data breaches, according to new findings from Surfshark.
The cybersecurity research highlights a continued need for vigilance as email scams and ransomware attacks put additional strain on insurers and risk managers.
The number of compromised accounts globally dropped significantly in Q1 2025 to 68.3 million, down from nearly one billion in the same period last year.
Despite this decline, Australia ranked 16th among affected countries, with around 398,500 breached accounts during the quarter. This marked a 98% decrease compared to the 17 million breaches reported in the final quarter of 2024.
Luis Costa, research lead at Surfshark, noted that the drop follows a peak in breach activity during late 2024.
“In Q1 2025, the number of leaked accounts dropped dramatically, following the alarming surge in breaches seen in 2024, particularly in Q3 and Q4. Unlike the previous year, which saw compromised data reach record levels, Q1 2025 experienced a sharp decrease in exposed accounts,” he said.
He said maintaining security best practices, such as regular password updates and enabling two-factor authentication, remains critical.
“Although the number of vulnerable accounts in all major regions decreased in Q1 2025 compared to the previous quarter, people should remain vigilant. Cyberthreats continue to evolve and attackers are constantly adapting their tactics,” Costa said.
Since 2004, Australia has seen over 193 million user accounts compromised, positioning it as the most affected country in the Oceania region. Data showed that 107 million passwords were exposed along with these accounts, heightening the risk of unauthorised access and identity-related crimes. On average, Australians have experienced seven data breaches per person, ranking among the highest in Australasia.
In 2024, email scams accounted for roughly 91,000 scam reports, according to data from the ACCC’s Scamwatch. In early 2025, the trend continued, with nearly 18,000 incidents lodged in January and February alone.
Scamwatch data showed Australians have lost close to $300 million to email-based scams since 2020. Men made up 60% of these losses, with the highest impact seen among individuals aged 65 and older, who lost $63 million across 67,000 complaints. Women aged 45 to 54 reported higher average losses, with 19,000 incidents amounting to $29 million.
Investment fraud accounted for nearly half of total financial losses associated with email contact. These scams often involve criminals posing as representatives of financial service providers. Other common scams by financial impact include false billing (28%), marketplace fraud (4%), romance scams (4%), and fake online stores (4%).
While most investment frauds initially begin via phone or social media, email is still a frequent follow-up method. New South Wales recorded the highest incidence of investment scam reports per capita, and the largest monetary losses, exceeding $330 million since 2020.
Ransomware attacks are adding further complexity to cyber risk management. According to Bitdefender’s March 2025 threat report, Australia ranked sixth globally for ransomware detections in February. That month saw 962 recorded incidents – more than double the 425 reported during the same period last year.