Australia’s Information Media and Telecoms Industry Under Spotlight as 50 Million Australian Records Lost to Cybercriminals

Flashpoint’s risk landscape report shows percentage of stolen Australian credentials in 2022 increases by 99%

April 3, 2023

SYDNEY, April 3, 2023  — Flashpoint, the globally trusted leader in risk intelligence, today released a new report on the state of Australia’s cyber threat intelligence—a first-of-its-kind data-driven analysis of emerging security and intelligence trends impacting organisations across the public and private sectors.

Following international trends outlined in Flashpoint’s global State of Cyber Threat Intelligence Report, the Australian report showed Australia’s Media and Telecommunications division was victim to an enormous 72 per cent of Australia’s 50 million stolen credentials – a 99 per cent increase when compared to 2021, while the Australian Public Sector accounted for nearly 20 per cent of the country’s total data breaches.

The global report has highlighted the resiliency of threat actors and illicit communities and markets, which continue to re-emerge despite takedowns. Flashpoint’s intelligence collection observed 190 new significant illicit marketplaces emerge in 2022 alone, with indications the trajectory will continue. 

2022 was a prolific year of cyberattacks in Australia, with a record number of breaches reported when compared to previous years. Flashpoint identified a record 56 successful ransomware attacks alone aimed at Australian organisations. 

Fraud and phishing campaigns remain one of the more commonly used methods employed by threat-actors, however, ransomware attacks are increasingly used by advanced persistent threat (APT) groups such as those highlighted by the turning point attacks on Optus and Medibank.

“Security and intelligence teams responsible for protecting their assets, data, and infrastructure must resist identifying and mitigating cyber threats in a silo.”

Ben GestieR, Sr. Analyst APAC/EMEA

Flashpoint tracked specific illicit market discussions that involved the trade, purchase, sale, or general procurement of exploit code, ranging in price from AUD $3,000 to more than $15,000.

Flashpoint’s data also indicated threat actor focus is on obtaining email addresses and account credentials, however, all personally identifiable information (PII) is at risk of being exfiltrated for financial gain. 

Poor cybersecurity practices exacerbated by the rapid shift to remote and hybrid work, in addition to the targeting of APT groups from China and Russia, is a key factor in the drastic increase in exposed Australian records. 

2022’s cyber incidents have spurred the recent announcement of the government’s intention to appoint a Coordinator for Cyber Security, and Australia now ranking first among global peers for cyber progress. These changes are timely as Flashpoint’s report indicates attacks are on track to increase further in 2023.

State of Cyber Threat Intelligence: Global Edition

Read Flashpoint’s deep dive into the perpetual cycles of cybercrime, along with guidance on how to fight back in the year ahead.

Senior Intelligence Analyst and Team Lead APAC/EMEA for Flashpoint, Ben Gestier, says there has never been a more pressing need for an all-hands on deck approach to cybercrime. A sentiment in line with Prime Minister Anthony Albanese announcing that ‘strengthening Australia’s cybersecurity is a fundamental priority’.

“Security and intelligence teams responsible for protecting their assets, data, and infrastructure must resist identifying and mitigating cyber threats in a silo,” says Gestier. “A nation’s risk landscape is too volatile and complex for a single business or government to decipher in full. An all-encompassing view of risk is needed to shore up defences and mitigate attacks when they occur.”

The full report can be found here.

About Flashpoint

Trusted by governments, commercial enterprises, and educational institutions worldwide, Flashpoint helps organisations protect their most critical assets, infrastructure, and stakeholders from security risks such as cyber threats, ransomware, fraud, physical threats, and more. Leading security practitioners—including physical and corporate security, cyber threat intelligence (CTI), vulnerability management, and vendor risk management teams—rely on the Flashpoint Intelligence Platform, comprising open source (OSINT) and closed intelligence, to proactively identify and mitigate risk and stay ahead of the evolving threat landscape. Learn more at

Subscribe to our weekly threat intelligence newsletter

Interested to see top news from Flashpoint hit your inbox directly? Subscribe to our newsletter to receive curated content on a bi-weekly basis.