That’s more than two data breaches which expose Australian’s to “serious harm” per day.

“Malicious or criminal” cyber attacks were responsible for more than half of the 245 data breaches that occurred in the three months from July to September alone, while human error by staff charged with protecting customers’ data accounted for a shocking 37 per cent of the breaches.

Staff were also frequently tricked by “phishing” scams, where cyber criminals use emails or text messages that look like legitimate requests for information to steal data such as passwords or personal details.

The seriousness and frequency of the breaches have only been exposed now through new mandatory reporting laws, launched on February 22.

In the seven months since then, 550 major data breaches have occurred. That’s almost five times as many as the 114 data breaches that were reported last year when notifying the government or any Australian impacted by the breach was voluntary.

“Our latest report shows 20 per cent of data breaches over the quarter occurred when personal information was sent to the wrong recipient, by email, mail, fax or other means,” Australian Information Commissioner and Privacy Commissioner Angelene Falk said today, as the latest quarterly update on data breaches was released.

The Commissioner issued a warning to companies and organisations that they need to train staff on how to identify risks and prevent data breaches as “part of business as usual”.

“Organisations and agencies need the right cyber security in place, but they also need to make sure work policies and processes support staff to protect personal information every day,” she said.

“Importantly, we also need to be on the alert for suspicious emails or texts, with 20 per cent of all data breaches in the quarter attributed to phishing.”

In the two worst data breaches during the September quarter, between 100,000 and 250,000 people had their data lost or stolen.

Contact details such as home addresses, phone numbers or email addresses were the most frequently lost or stolen by hackers, exposed in 85 per cent of data breaches.

Bank accounts and other financial details were the next most frequently exposed in 45 per cent of cases.

Passport details and other identity information such as drivers’ licence numbers were exposed in 35 per cent of cases. Health information was stolen or lost in 22 per cent of cases.

Most breaches (63 per cent) hit fewer than 100 people, but there were 65 breaches in the September quarter that hit between 101 and 1000 people and a further 22 that hit larger numbers of people.

In the worst breach in the previous quarter, more than one million Australians had their private data lost or stolen.

The medical industry was the worst hit, with private health service providers reporting 45 breaches in just three months from July to September, followed by the financial industry, the legal, accounting and management industries and private education providers.