Data breach notifications grew to 245 last quarter

The number of data breaches disclosed under the Notifiable Data Breach legislation increased to 245 in the September quarter, up from 242 in the prior quarter.

The Office of the Australian Information Commissioner’s latest Notifiable Data Breaches report found that 57% of incidents reported during the quarter were attributed to malicious or criminal attacks, with 37% attributed to human error and 6% to system faults.

This is broadly comparable with the June quarter, when 59% were attributed to criminal attacks, 36% to human error and 5% to system faults.

Of the breaches reported, 63% involved the personal information of 100 or fewer individuals.

Private health service providers were the top industry sector to report data breaches (45), compared to finance (35), legal accounting and management services (34), private education providers (16) and personal service providers (13).

Acting Information Commissioner and Privacy Commissioner Angelene Falk said the statistics indicate that training staff on how to identify and prevent privacy risks needs to be part of business as usual.

“Everyone who handles personal information in their work needs to understand how data breaches can occur so we can work together to prevent them,” she said.

“Organisations and agencies need the right cybersecurity in place, but they also need to make sure work policies and processes support staff to protect personal information every day. Our latest report shows 20% of data breaches over the quarter occurred when personal information was sent to the wrong recipient, by email, mail, fax or other means.”

The report also found that 20% of data breaches during the quarter were attributed to phishing, so teaching vigilance should be a key part of these policies and processes, Falk said.

Sailpoint CEO and co-founder Mark McClain added that the report demonstrates that local organisations are still struggling to understand the risks associated with compromised human credentials.

“An organisation’s users have become the easiest way into an organisation for hackers today. With just one breached identity, a hacker suddenly has the proverbial keys to the kingdom when it comes to an organisation’s sensitive data,” he said.

“In addition to a rise in data breaches, the report findings highlight the need for organisations to have robust identity governance policies in place as a means to reduce the human risk associated with data loss — which accounted for 92 counts of data loss last quarter. It sounds simple, but understanding who has access to what applications and data, who should have access and how they are using that access is the surest path to a more secure enterprise today.”

Image courtesy OAIC.

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.