Data breach notifications rise again in Q4
The number of data breach notifications filed with the Office of the Australian Information Commissioner increased again during the fourth quarter of calendar 2018 to 262.
The latest Notifiable Data Breaches Quarterly Statistics Report found that nearly two-thirds (64%) of data breaches recorded during the quarter were attributable to malicious or criminal attacks. A further 33% were blamed on human error, with 3% blamed on system faults.
Of the breaches attributed to malicious attacks, most involved breaches stemming from compromised credentials, such as phishing or brute force attacks.
Meanwhile, the number of notifications has now increased every quarter since the scheme commenced. Total notifications rose from 63 in the first quarter (with the scheme having commenced in late February) to 242 in the second quarter and 245 in the third.
The majority of data breaches (156 or 60%) affected between 1 and 100 individuals, with a further 63 affecting 101 to 1,000 individuals. One breach recorded during the quarter affected more than 1 million individuals.
Contact details were involved in 85% of cases reported to the OAIC, making it the most common type of compromised personal information. This was followed by financial details (47%), identity information (36%), health information (27%) and tax file numbers (18%).
Finally, the top five sectors to report breaches were private health service providers (54 reports), finance (40), legal, accounting and management services (23), private education providers (21) and mining and manufacturing (12).
“Preventing data breaches and improving cybersecurity must be a primary concern for any organisation entrusted with people’s personal information,” Australian Information Commissioner and Privacy Commissioner Angelene Falk said. Falk was appointed to the dual role in August.
“Employees need to be made aware of the common tricks used by cybercriminals to steal usernames and passwords. The OAIC works with the Australian Cyber Security Centre to provide prevention strategies for organisations, including regularly resetting and not re-using passwords.”
OVIC has found Public Transport Victoria to be in breach of the state's Privacy Act by...
The Association of IT Asset Management has urged the US government to act on a report finding...
The phishing filters used by various email service providers failed to detect a significant...