‘One step ahead’: Cyber criminals running rings around Australian firms
Australians’ data is being exposed online at significantly higher rates than the rest of the world. Experts tell us why.
The personal data of Australians is being stolen at a rate more than 20 times above the global average, new research has revealed.
The worrying spike in data breaches since October comes on the back of two major cyber attacks on key Australian service providers Optus and Medibank.
The rise in online privacy breaches around the country is defying a global trend where attacks have decreased, according to a quarterly report from data leak detection service Surfshark.
Surfshark lead researcher Agneska Sablovskaja said the rise could be partly explained by the addition of the 1.75 million email accounts breached in the Medibank cyber attack.
“Globally, data breaches have gone down by 70.8 per cent from October to November,” Ms Sablovskaja said.
“In Australia, however, data breaches have surged by 1550 per cent – from 107,659 in October to 1,776,065 in November.”
The nation might be seen as a “soft target” by international cybercriminals, said Susan McLean, a cyber security expert and former Victoria Police officer from Cyber Safe Solutions.
“It’s often opportunistic offending, they look at what’s out there, how it’s being stored, and they’ll have a crack at most large systems to see how they go,” Ms McLean said.
“We know that this is a fast-growing crime, and we know that the offenders are often one step ahead.
“If you retain any data on anyone, this should be a wake-up call to you to make sure that your systems are top notch so you’re not becoming front-page news for all the wrong reasons.”
Hackers had different motives and that made it difficult to predict where they might strike next, Ms McLean said.
“It depends what a hacker is after, which dictates what sort of company they’re going to go at,” she said.
“There are many that just want to inflict a nuisance, there are others like the Optus one where they could get identification information that they could use to take out loans and credit cards, so there’s a very easy financial reward for them there.
“With Medibank, the data itself is absolutely useless to them, but they were certainly hoping that Medibank would pay a ransom, and of course that’s the one thing you never, ever do, is pay a ransom to someone who is hacking you.”
Another factor in the high density of Australian data breaches might be the weakness of schools in protecting their students’ and staff members’ data, Ms McLean said.
Melbourne private school Xavier College was attacked in June and told the Office of the Australian Information Commissioner that around 45 people had their financial information stolen, while a month earlier Alkira Secondary College was repeatedly attacked by a hacker who threatened to expose the personal details of teachers to the public.
Ms McLean said Australian schools were being hacked regularly and were “one of the weakest links in the cyber security chain”.
She called for the implementation of a stronger and more uniform data storage system across schools, but said it often came down to how the data was managed by individuals.
“It’s schools’ internal systems that are slack, it’s the third party products that they often use to manage roles, absences … the check-in kiosks at schools are notoriously bad when it comes to putting safety front and centre,” she said.
“But it’s only as good as the person storing it – if you look at Optus, clearly they kept some data longer than they should have, but by and large they were legally allowed to take that data.
“However, the law also stated that it had to be encrypted when it wasn’t – so we had a law where the data had to be encrypted, Optus didn’t follow it, and now we have a mess.”
Ms McLean urged organisations to take extra care of how they protected data amid the rise in attacks.
“We can have laws in place, but unless they’re followed, unless they’re checked up and policed, they’re not worth the paper they’re written on.”