Privacy breaches have become increasingly prevalent, exposing individuals to significant risks. These breaches can have far-reaching consequences, including identity theft and life-threatening situations. Several studies have analysed data and privacy breaches and presented detection or prevention techniques to combat these breaches. However, because the number and type of breaches have significantly increased, these studies have become less relevant or outdated. Previous research on data/privacy breaches compared the techniques and results of various studies, but none attempted to comprehensively analyse the type of information and the type and level of compromise that occurred after such breaches. In this survey, we examine the fundamental concepts of privacy and security and define the security incidents and data/privacy breaches. We propose a set of criteria to evaluate the published studies on privacy breaches. We thoroughly investigate the problem domains and security-related concerns considering six recent breach cases in Australia, elucidating the critical challenges and issues associated with privacy breaches. We comprehensively review and outline the trends of security incidents and data/privacy breaches from 2020 to 2023. Additionally, we review the current state-of-the-art countermeasures to safeguard against these breaches. Finally, we identify an open research direction to develop an artificial intelligence (AI)-powered security framework that can help analyse cyber threats, characterise attackers' behaviours, distinguish between legitimate and illegitimate privacy policies, and restrict access to individuals' information. Overall, this survey will help organisations to reassess and update their security and privacy measures.

With the Internet of Things (IoT) generating vast amounts of data, privacy breaches have become increasingly prevalent, exposing individuals to serious risks such as identity theft and life-threatening situations. This research addresses the challenge of identifying cybersecurity threats and vulnerabilities leading to privacy breaches, as evidenced by recent cyber-attacks on Australian Medibank, Optus, and hospital networks. We propose a machine learning (ML)-based approach to distinguish between legitimate and rogue privacy policies, defining fundamental concepts of privacy, security, and access control in the context of personal, confidential, and sensitive information breaches. Our methodology introduces zero-privacy (ZP) and binary question-answer (QA) models to discern legitimate versus illegitimate actions or interests within privacy policies. Our experiments utilise natural language processing (NLP)-based ML models to analyse the linguistics of privacy policies. In experiments conducted on a dataset from the top 100 Forbes-listed companies, including 67 rogue policies, our privacy classification approach demonstrates reliability, accurately distinguishing between legitimate and rogue policies. With a dataset split of 90% for training and 10% for testing, our model achieves accuracy and precision exceeding 94% and 91%, respectively. Additionally, we evaluate the probability of ZP occurrences in organisations’ privacy and service-level agreements, revealing significant privacy breach risks. Through case studies utilising our proposed binary QA model, we underscore the urgent need for enhanced privacy measures across various organisations’ policies. Introducing a novel approach to access control, we specify permissions under conditions of legitimate and rogue privacy policies, exemplifying the applicability of our proposed access control mechanism through security policy modelling.