Australia's Computer Emergency Response Team (CERT) has tracked 250,000 pieces of stolen business data in the past six months, according to figures released by Attorney-General Robert McClelland.
The data included passwords and account details, McClelland said.
It was provided back to businesses that had been victims of security incidents to "allow them to take steps to protect their systems and their customers".
The statistic was released to coincide with a survey on identity theft commissioned by the department to inform the creation of a national identity security strategy.
The survey of 1,200 people found one in six had been the victim - or knew of a victim - of identity theft.
The internet was the most common vector for theft or misuse of personal information (58 percent), followed by loss of a credit or debit card (30 percent).
The stolen data was mostly used to buy goods and services online or to obtain finance or credit, the survey found.