The number of online scams is increasing, prompting the Privacy Commission to urge agencies to report suspicious activity.
There was a notable increase in data breaches reported to the Office of the Privacy Commissioner (OPC) last year.
It has reported a 41 percent increase in privacy breaches which meet the serious harm threshold.
Privacy Commissioner Michael Webster said agencies and businesses must protect the data of the public they hold - that means reporting a suspected breach as soon as possible.
"The industries reporting most serious breaches are (in this order): health care and social assistance, public administration and safety, services (professional, scientific, technical, administrative and support services), education and training, finance and insurance.
"There is also a slight increase in the percentage of serious breaches caused by malicious activity; however, the majority of breaches are caused by human error."
Webster said the most common breaches caused by human error are email errors or unauthorised sharing.
Unauthorised access, the most common type resulting in a serious breach, "includes phishing attacks, email system high-jacking for spam or fraud, and installing malware including ransomware".
"These malicious attacks can impact on the privacy of thousands of people."
Webster said by far the most common type of harm associated with serious privacy breaches is emotional harm. Other common types of harm include reputational harm, identity theft and financial harm.
He said victims should reach out and report a suspected breach to the OPC as soon as possible.
"Report it. Report the breach as early as possible. Notifiable privacy breaches should be reported within 72 hours of the breach being identified.
"We will work with you as you go through a triage response and help guide you to bring your agency through a crisis."