Data breach notifications rise again in Q4
The number of data breach notifications filed with the Office of the Australian Information Commissioner increased again during the fourth quarter of calendar 2018 to 262.
The latest Notifiable Data Breaches Quarterly Statistics Report found that nearly two-thirds (64%) of data breaches recorded during the quarter were attributable to malicious or criminal attacks. A further 33% were blamed on human error, with 3% blamed on system faults.
Of the breaches attributed to malicious attacks, most involved breaches stemming from compromised credentials, such as phishing or brute force attacks.
Meanwhile, the number of notifications has now increased every quarter since the scheme commenced. Total notifications rose from 63 in the first quarter (with the scheme having commenced in late February) to 242 in the second quarter and 245 in the third.
The majority of data breaches (156 or 60%) affected between 1 and 100 individuals, with a further 63 affecting 101 to 1,000 individuals. One breach recorded during the quarter affected more than 1 million individuals.
Contact details were involved in 85% of cases reported to the OAIC, making it the most common type of compromised personal information. This was followed by financial details (47%), identity information (36%), health information (27%) and tax file numbers (18%).
Finally, the top five sectors to report breaches were private health service providers (54 reports), finance (40), legal, accounting and management services (23), private education providers (21) and mining and manufacturing (12).
“Preventing data breaches and improving cybersecurity must be a primary concern for any organisation entrusted with people’s personal information,” Australian Information Commissioner and Privacy Commissioner Angelene Falk said. Falk was appointed to the dual role in August.
“Employees need to be made aware of the common tricks used by cybercriminals to steal usernames and passwords. The OAIC works with the Australian Cyber Security Centre to provide prevention strategies for organisations, including regularly resetting and not re-using passwords.”
Zero Trust, a strategic initiative designed to stop data breaches, has come of age in the last 12...
The Attorney-General's Department will recommend that the ACSC's Essential Eight threat...
As organisations increasingly rely on user data and employees access sensitive information from...