To report cyber incidents, please contact the responsible body below. Other reporting obligations may apply in your jurisdiction. It is the responsibility of providers to ensure they are aware of, and meeting, their reporting requirements with state and territory cyber security agencies.
Office of the Australian Information Commissioner (OAIC)
An institution that is covered by the Privacy Act 1988 needs to notify the OAIC if a data breach has occurred, along with any individuals who may be at risk of serious harm.
Australian Signals Directorate (ASD)
Under the Security of Critical Infrastructure Act 2018 and the Cyber Security Act 2024 it is mandatory for a university to report certain cyber incidents to the ASD.
Other cybercrimes, cyber security incidents or vulnerabilities can be reported to the Australian Cyber Security Centre within the ASD.
Tertiary Education Quality and Standards Agency (TEQSA)
Providers need to notify TEQSA of incidents where there is a significant data breach and the provider may be at risk of not meeting its obligations under the Threshold Standards.
Cyber security