Australians have been targeted in more than 300 major data breaches this year - with hackers and criminals getting access to the private data of hundreds of thousands of people.
The Office of the Australian Information Commissioner has revealed that 305 breaches occurred since February 22 - when new mandatory reporting laws came into force - with bank details, credit card numbers, passport information and driver's licences lost or stolen.
The biggest incident involved a multinational company which impacted more than one million Australians.
The health sectors was the worst hit, with 49 major data breaches, but none involved the contentious My Health Record.
The finance sector was the next on the list, with 36 breaches.
Most data breaches impacted 100 or fewer individuals, the OAIC said.
Mandatory reporting requires government agencies, businesses and not-for-profit organisations with a turnover of more than $3 million to notify the OAIC of any breaches.
Acting Information Commissioner Angelene Falk warned Australians they "don't live in a risk free world".
"Ideally there would be no data breaches but we understand every system holding personal information faces risks, whether it's a filing cabinet or a storage device or an online system," she told News Corp.
Hackers or cyber criminals made up 59 per cent of the attacks, while human error such as emailing sensitive information to the wrong address accounted for 36 per cent.
Paperwork and storage devices were also stolen, while in some cases rogue employees misused data.