At least one-in-three adult Australians have had personal data such as driver's licence numbers and home addresses stolen in the past year, according to a survey by the Australian National University (ANU).
The survey found about 6.4 million people had been exposed to data breaches. The researchers surveyed 3,000 Australians in a nationally representative sample.
Australians aged 25-34 were the age group most likely to be victims of a data breach.
Study co-author Nicholas Biddle said these figures were "a little" higher than expected, although there was little data to show how many Australians may have had their data stolen in previous years.
"Cybercrime more broadly has gone up," he said.
"Many Australians would be unaware they've had their data stolen, so the real figure would be even higher."
Optus hack has affected trust in broader system
The survey found that high-profile corporate data breaches not only reduced public trust in those companies with regards to data privacy, but in other institutions as well, even if they had not been recently hacked.
The survey was conducted shortly after the high-profile Optus data breach that impacted millions.
The past year has also seen data breaches at Bunnings, Red Cross Australia, Woolworths, and the Victorian, NSW, South Australian and federal governments, as well as elsewhere.
"There's flow-on effects for the broader system when one large institution experiences a breach like this," said Professor Biddle.
Put simply, companies getting hacked is harming the public's willingness to share personal data with any institution, which will have implications for areas like public health and disaster response.
"People with lower trust in institutions with regards to data privacy are less likely to use QR codes for check-ins," Professor Biddle said.
"And next year it might be something around floods or some other use of data that's helpful for delivery of public services."
Support for more government intervention
The survey also found a shift in sentiment towards support for stronger regulation and better protection.
Over the past year, the proportion of Australians who thought that government should regulate companies' use of data increased from just under 84 per cent to over 90 per cent.
The proportion of Australians who thought it was the responsibility of consumers to ensure their data was secure decreased from about two-thirds to under half.
People also wanted to see consequences for companies that weren't able to protect their data.
Almost all adults (96.2 per cent) said companies that do not adequately protect consumer data should face significant sanctions.
"There has been an increase in the proportion of people who think that individuals within companies in particular should be held personally accountable," Professor Biddle said.
"This opens up the opportunity for the government to bring in regulation."
The Optus data breach has sparked calls for changes to Australia's privacy laws, placing limits on what and for how long organisation can hold personal data.
The government has also flagged the idea of a centralised digital ID system, possibly using MyGov, so that companies don't have to store people's data separately.
"Over the past 12 months people have become far more willing and supportive of governments regulating companies' use of data," Professor Biddle said.
"All these regulations might have a cost — it might increase the cost to consumers of services — but people seem more willing to bear that cost."
