Australians urged to improve cyber hygiene after spate of high-profile hacks including Ticketek & Ticketmaster

Australians are being urged to improve their cyber hygiene in 2025 after millions had their personal information leaked online this year in a spate of high-profile and far-reaching data breaches.

The Australian Signals Directorate’s Australian Cyber Security Centre — which leads the Australian Government’s efforts to improve cyber security — has revealed that in the 2023-24 financial year, it received a cybercrime report every six minutes.

In its released annual Cyber Threat Report, the federal agency revealed Australians made more than 87,400 cybercrime reports last financial year while the Australian Cyber Security Hotline received on average 100 calls a day.

The top three cybercrimes reported by individuals were identity fraud (26 per cent), online shopping fraud (15 per cent) and online banking fraud (12 per cent).

The average cost to individuals of each cybercrime report increased to around $30,700.

In 2024, a hacking spree involving a cloud services provider, Snowflake, was one of the biggest in history due to the scale of personal data stolen in the breaches.

Snowflake is a data warehousing tool where companies store massive amounts of information.

Over a number of months, more than 165 Snowflake customers — including AT&T, Santander bank, Ticketmaster owner Live Nation Entertainment, Ticketek owner TEG, Lending Tree, Advance Auto Parts and Neiman Marcus — had their data exposed or stolen.

As a part of the Snowflake breaches, the personal information of millions of Australians who held accounts with Ticketmaster and Ticketek was stolen and shared in criminal forums.

The compromised data reportedly included names, phone numbers, addresses and partial credit card details.

Troy Hunt, founder and CEO of Have I Been Pwned, recently said the Ticketek breach — one of the largest breaches impacting Australias — revealed 17 million email addresses.

And while the data breach cannot be undone, Australians can take simple steps to protect their personal information in 2025.

A good start is to visit Hunt’s website Have I been Pwned? which allows anyone to check if their email or phone has been caught in a data breach.

The ASD says every Australian needs to continually improve their cyber security practices to protect themselves and their families from these cyber threats.

“For individuals, it’s about practicing good cyber hygiene,” the agency said.

“Some of the most effective ways to protect yourself online are also the easiest to use, fastest to set up and often free.”

The ASD is urging all Australians to take the following steps over the holiday break to mitigate against common cyber security threats in 2025:

1. Enable multi-factor authentication (MFA) for online services, when available. This means using two or more different actions to confirm your identity after entering your password to log into an account.
2. Stop using the same password for everything and create unique passwords for every account and service. Even better, change your passwords to long, unpredictable and unique passphrases.
3. Use a password manager to create and manage passwords. With a password manager, you only need to remember one master password.
4. Keep devices and software up to date. Turn on automatic updates for all software (including mobile apps) and do not ignore update prompts.
5. Use antivirus protection. Your devices likely come with built in antivirus software. Third-party antivirus products can also offer more security features over free versions.
6. Avoid public Wi-Fi as cybercriminals target public networks to gain access to users’ sensitive information.
7. Recognise and report phishing. Be alert for phishing messages, calls and scams. If you are unsure, call the official phone number of the organisation to check.
8. Backup important files and device configuration settings regularly.
9. Delete unused accounts. Get rid of old email accounts no longer in use. Leaving them active can expose your personal information since you’re not checking them.
10. Secure your social media and limit the personally identifiable information you share online.

“Social media is a great way to stay in touch with friends and family, post your photos, and keep up to date with news,” the ASCS said.

“It is also an ideal place for cybercriminals to steal your information.

“Protecting accounts is the first line of defence to protect your information from cybercriminals.”

To report and recover from scams, visit the ASD’s ACSC.