NewsBite

More than 60 major data breaches in the past two months, report reveals

THE number of reported data breaches impacting on Aussies has exploded, with more than 60 major incidents happening in the past two months alone.

THOUSANDS of Australians have had their personal information hacked or lost in more than 60 major data breaches in the past two months.

That’s the shocking finding of the first-ever snapshot of major data breaches in Australia, released today.

It reveals at least two major data breaches are occurring in Australia every day where individuals are exposed to “serious harm” when their private information is stolen by hackers or lost through human error.

The scale of the problem has only been revealed through new mandatory reporting laws that came into force on February 22.

In just six weeks since the laws were introduced, there have been 63 major data breaches in Australia.

Sixty-three data breaches have been reported in just six weeks.

Companies and organisations have been forced to report the breaches to the Office of the Australian Information Commissioner or face heavy fines of up to $2.1 million.

The number of data breaches reported in just six weeks has already reached more than half of the 114 data breaches reported in 2016-17 when notifying the government and any individuals affected was voluntary.

Hackers were responsible for almost half (44 per cent) of the data breaches in the past two months.

More than half (51 per cent) of the major data breaches however were the result of human error.

Australians' contact information — such as phone numbers, addresses and email addresses — was the most common form of private data lost or stolen, featuring in 78 per cent of breaches.

But private financial data and health data were hacked or lost in about a third of breaches.

In 10 per cent of the major data breaches, there were more than 1000 Australians affected in each incident.

In the rest of the incidents, there were fewer than 1000 people affected in each case and in 59 per cent of cases, fewer than ten people were affected.

Acting Australian Information Commissioner and acting Privacy Commissioner Angelene Falk said this morning the Facebook-Cambridge Analytica scandal was a timely reminder for businesses of the importance of corporate responsibility for privacy protection.

“Facebook CEO Mark Zuckerberg has been quoted as saying, ‘we didn’t have a broad enough view of what our responsibility is. That was a huge mistake…’,” she said in a speech in Sydney this morning.

Facebook has come under fire after a massive data breach of its users’ information was revealed. Picture: AFP

“Regardless of whether or not breaches of Privacy law are found to have occurred or not, these events are an opportunity for all businesses to consider whether their handling of personal information is not only compliant, but aligns with community expectations.

“And it is important that businesses take this opportunity to ensure the benefits of data innovation to the community and the economy can be realised.”

The Commissioner said the fact that almost half of data breaches were due to human error showed the importance of staff training on information handling and strategies for managing data for companies.

“Businesses need to be trusted custodians of the personal information of Australians,” she said.

“This is not only a legal imperative and a business imperative; there is a compelling case for businesses entrusted with the personal information of Australians, to be ethical stewards of that information.”

The health sector was the worst hit by data breaches, affected in a quarter of cases since February.

Legal, accounting and management services were hit in 16 per cent of cases, the finance sector was hit in 13 per cent of cases, private education was affected in 10 per cent of cases and charities in 6 per cent.

Companies have been forced to notify the OAIC and any Australian impacted by the breach within 30 days.

Original URL: https://www.dailytelegraph.com.au/technology/more-than-60-major-data-breaches-in-the-past-two-months-report-reveals/news-story/8ede4d143befca26bc269c79cf9a455e