- Stolen personal data used to craft convincing, targeted scam messages
- WA ScamNet records over $1.4 million lost to hacking and phishing scams in 2025
- Consumers and businesses urged to strengthen their cybersecurity
As data breaches become more frequent in 2025, Consumer Protection is warning the WA community to stay vigilant and take proactive steps to protect their personal and financial information.
Scammers are increasingly using stolen personal data – such as names, email addresses, phone numbers and dates of birth – to tailor their attacks. These details allow scammers to create scam messages that appear more realistic, credible and harder to detect.
New figures from WA ScamNet show that data-related scams are causing significant harm. So far this year, more than $1.1 million has been lost to hacking scams, while phishing scams in October alone cost Western Australians over $323,000 – including a single loss of $314,000.
A data breach occurs when sensitive information is accessed or disclosed without authorisation, whether through malicious attacks, human error, or system failures. Once stolen, this data can be used to impersonate trusted organisations, redirect payments, or launch phishing attacks that trick victims into handing over more personal or financial information.
Recent breaches involving major Australian organisations – including Qantas and the Australian Human Rights Commission – highlight the scale and impact of these incidents.
Commissioner for Consumer Protection Trish Blake said scammers are using stolen data to target individuals with alarming precision.
“Scammers no longer needed to cast a wide net to catch victims – they’re tailoring scam messages to individuals with disturbingly accurate detail,” Ms Blake said.
“A request to confirm account details or pay a fee – especially one that includes your name, address or recent activity – can seem legitimate but may be part of a scam that leads to identity theft, financial loss and emotional distress.
As more personal information circulates online, consumers are urged to take steps to secure both their digital accounts and their identity.
“Start by securing your online accounts – change your passwords or passphrases, enable two-factor authentication wherever possible, and regularly review your security settings to ensure they’re up to date,” the Commissioner said.
“One of the most effective ways to protect your identity in Western Australia is by placing a block on your driver’s licence or learner’s permit through the Department of Transport’s DoTDirect service. This prevents scammers from using those documents for identity verification through the Australian Government’s Document Verification Service.”
Ms Blake also urged businesses to take cyber security seriously, noting that data breaches can result in significant financial, legal and reputational consequences.
“All businesses should invest in strong cyber security systems, provide regular staff training, and act swiftly to identify and contain any breaches,” she said.
“It’s also vital that affected individuals are notified and that serious breaches are reported to the Office of the Australian Information Commissioner.”
Free expert support is available to small businesses and sole traders through IDCARE’s Small Business Cyber Resilience Service. Further information on how to recover from a data breach is available at the Australian Cyber Security Centre.
Scams can be reported in Western Australia via the WA ScamNet website, or by calling 1300 30 40 54 or emailing consumer@lgirs.wa.gov.au
Media Contact: cpmedia@lgirs.wa.gov.au