I once received notice from a business letting me know that my medical data has been stolen. The letter was quite evasive and carefully worded but I understood that someone walked in and grabbed an external hard drive that had all the medical data on it, unencrypted. This is one of the larger medical businesses in Victoria by the way. Included with my medical information is my identity information that can be used maliciously. This is happening frequently here with big names being reported but many smaller names going unnoticed.
The problem is the amount of information that organisations are asking for and are lax in protecting. Making the so-called "identity theft" a big risk.
I can also share that I've been in meetings with clients where security and privacy advice wasn't welcome and brushed off as being unimportant. There's been some welcome moves by the federal government somewhat recently to get businesses to treat this issue seriously but so far it's only in the form of advice and I can tell you the advice wasn't the thing that was lacking.
edit: Oh and the notice that my data was stolen came a few months after it happened, from memory.
rvz•2h ago