Data breach notifications rise again in Q4

By Dylan Bushell-Embling
Thursday, 07 February, 2019

Data breach notifications rise again in Q4

The number of data breach notifications filed with the Office of the Australian Information Commissioner increased again during the fourth quarter of calendar 2018 to 262.

The latest Notifiable Data Breaches Quarterly Statistics Report found that nearly two-thirds (64%) of data breaches recorded during the quarter were attributable to malicious or criminal attacks. A further 33% were blamed on human error, with 3% blamed on system faults.

Of the breaches attributed to malicious attacks, most involved breaches stemming from compromised credentials, such as phishing or brute force attacks.

Meanwhile, the number of notifications has now increased every quarter since the scheme commenced. Total notifications rose from 63 in the first quarter (with the scheme having commenced in late February) to 242 in the second quarter and 245 in the third.

The majority of data breaches (156 or 60%) affected between 1 and 100 individuals, with a further 63 affecting 101 to 1,000 individuals. One breach recorded during the quarter affected more than 1 million individuals.

Contact details were involved in 85% of cases reported to the OAIC, making it the most common type of compromised personal information. This was followed by financial details (47%), identity information (36%), health information (27%) and tax file numbers (18%).

Finally, the top five sectors to report breaches were private health service providers (54 reports), finance (40), legal, accounting and management services (23), private education providers (21) and mining and manufacturing (12).

“Preventing data breaches and improving cybersecurity must be a primary concern for any organisation entrusted with people’s personal information,” Australian Information Commissioner and Privacy Commissioner Angelene Falk said. Falk was appointed to the dual role in August.

“Employees need to be made aware of the common tricks used by cybercriminals to steal usernames and passwords. The OAIC works with the Australian Cyber Security Centre to provide prevention strategies for organisations, including regularly resetting and not re-using passwords.”

Image credit: ©

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.

Related Articles

Authentication best practices to achieve Zero Trust

Zero Trust, a strategic initiative designed to stop data breaches, has come of age in the last 12...

AGD consulting on making Essential Eight mandatory

The Attorney-General's Department will recommend that the ACSC's Essential Eight threat...

Bridging the data trust gap

As organisations increasingly rely on user data and employees access sensitive information from...

  • All content Copyright © 2021 Westwick-Farrow Pty Ltd