The biggest Australian data breaches of 2015

Kmart

No payment details were taken because the company uses ANZ Bank's CyberSource payments gateway for credit card processing, but customer names, email addresses, physical addresses, phone numbers and product purchase details were pilfered in the attack.

Kmart was the first of two retailers who use IBM's WebSphere Commerce software to be attacked in the same week, and was followed a day later by...

David Jones

As with Kmart, financial details were safe thanks to the use of a payments gateway, but customer names, email addresses, order details and mailing addresses were taken. It said it had discovered the vulnerability the Friday prior and repaired it.

Aussie Farmers Direct

The company was contacted in the days leading up to the attack in an extortion attempt. No credit card nor banking details were leaked, but names, phone numbers, email addresses and physical addresses were.

Aussie Travel Cover

The firm actually became aware of the breach just before Christmas, but the hacker waited until mid-January to post the data dump online.

The databases contained sensitive customer information such as names, home addresses and other personally identifiable data, along with partial credit card details.

The hacker, "Abdilo", also attempted to gain access to databases via the ACCC and ACMA websites, and posted some of the vulnerability information he found there on the internet.

Queensland TAFE, Education

The compromised data was made up of information lodged by citizens through the enquiries and website feedback forms, Mills said, which reportedly included complaints about child sexual assault and bullying.

The breach was discovered after someone sent in an anonymous threat via email

Ashley Madison

In August, hackers released a second 20GB trove of data stolen from Ashley Madison's parent company, which included information such as emails linked to the company's founder Noel Biderman, source code for the website and internal data. The first data dump was half the size and had exposed the email addresses of millions of Ashley Madison customers, as well as details such as their height, weight and GPS coordinates.

The hackers claimed they acted in protest against the site's business practices, but the data leak had a big impact on the company's customers, with reports of at least two suicides stemming from the release of the data alongside scams and extortion attempts against those desperate to avoid being exposed.

And there were the others overseas ...... US Office of Personnel Management

Not only had more than 21 million US citizens who had undergone background checks for security clearances since 2000 had their personal data stolen by hackers, millions of additional fingerprint records had also been accessed by the malicious actors.

The US OPM attack is one of the worst security breaches to occur to date, given the scale and type of information stolen.

Anthem

It claimed the data was restricted to names, dates of birth, member ID/Social Security numbers, addresses, phone numbers, email addresses and employment information such as income data - little comfort for those whose personal details are expected to end up on the black market.

Hacking Team

The information spanned everything from customer records, invoices and source code to internal emails. It revealed a laundry list of the company's government clients, which included agencies from Australia as well as governments criticised for human rights violations - which Hacking Team had previously denied working with. The company has vowed to continue and create a new version of its Remote Control System spyware.

TalkTalk

Five people have been arrested over the ordeal, which involved blackmail attempts. It was the fourth data breach to hit the company this year. The attackers targeted a well-known vulnerability in its website platform.

VTech

The names, physical and email addresses, and passwords of over 4.8 million parents along with the first names, birthdays and genders of over 200,000 children were leaked through what Microsoft most valued professional Troy Hunt said was a lack of basic precautions on the company's website.

The company asked for a lot of information from parents about themselves and their children, but didn't protect the sensitive data properly - the website database was exposed to the internet.

LastPass

No encrypted user vault data was taken and LastPass user accounts weren't accessed. The company said its encryption measures were strong enough to protect users, but advised them to update their master passwords and, if logging in from a new device or IP address, to verify their accounts, just in case. The company had a previous security breach in 2011.

Experian