Human error blamed for third of NDBs in Q2
The number of data breach notifications increased every month during the second calendar quarter, reaching 84 in June, according to the Office of the Information Commissioner.
The office’s latest Notifiable Data Breach quarterly report shows that 245 notifications were filed during the quarter, up from 215 in the prior quarter. All told, 967 breaches were filed during the 2018–19 financial year.
The majority (62%) of breaches reported during the quarter affected 100 individuals or fewer, with breaches affecting between one and 10 individuals comprising 42% of notifications.
But 13 breaches reported during the quarter affected more than 5000 individuals, with one affecting between one and 10 million.
Human error continues to be a factor in around one in three data breaches, with malicious or criminal attacks accounting for 62% and system faults for 4%.
Of the 151 breaches attributed to malicious attacks, 69.5% involved cyber incidents such as phishing, malware or ransomware, brute force attacks, or the use of compromised credentials.
Leading human error-related causes include sending private information to the wrong recipient over email (29 breaches) or mail (9), as well as unintended release or publication of private data (15%).
“The fact that there is a human factor involved in so many cases demonstrates the need for staff training to increase awareness of cyber risks and to take the necessary precautions,” said Australian Information Commissioner and Privacy Commissioner Angelene Falk.
She said the notifiable data breach scheme had proven an effective mechanism for organisations to notify individuals and regulators of eligible data breaches.
“The reporting regime has been well accepted and the onus is now on organisations to further commit to best practice in combating data breaches and improving response strategies,” she said.
“Effecting change in practices to prevent breaches is vital to the goal of protecting the community. Putting data breaches in the spotlight has heightened awareness of the privacy rights of consumers, who in turn are demanding greater security from the organisations with which they share information.”
The top industry sectors to report data breaches include health care (19%), finance (17%), legal, accounting and management services (10%), private education (9%) and retail (6%). The finance sector’s contribution to the statistics almost doubled compared to the previous quarter.
“It’s concerning to see that health service providers have topped the charts again for the most breaches per quarter. Healthcare providers are natural targets for cyber attacks due to the wealth of personal and sensitive data they store,” said Tenable ANZ Country Manager Bede Hackney.