CIO

Number of reported data breaches drops

The January to March 2019 quarter had the lowest number of data breaches reported in a full quarter so far

The number of data breaches reported to the Office of the Australian Information Commissioner (OAIC) has dropped to 215, making the January to March 2019 period the lowest reported in a full quarter so far.

The total number of reported breaches under the Australian Notifiable Data Breach (NDB) scheme hit 242 from April to June of 2018, 245 from July to September 2018 and 262 from October to December of 2018.

The majority of data breaches in the latest period involved personal information of 100 individuals or fewer (68 per cent of data breaches). Breaches impacting between one and 10 individuals comprised 50 per cent of the notifications.

Human error was the second-largest source of data breaches, with examples including sending personal information to the wrong recipient via email (31 per cent), loss of paperwork or a storage device (16 per cent) and the unintended release or publication of personal information (28 per cent).

Approximately 778,502 individuals have been affected this quarter as a result of human error which caused the unintended release or publication of personal information.

Failure to use BCC when sending emails impacted an average of 432 individuals per data breach, the report stated.

Malicious or criminal attacks were the largest source of data breaches, accounting for 61 per cent of all data breaches. Of these 131 data breaches, 66 per cent involved cyber incidents such as phishing, malware or ransomware, brute-force attacks, and compromised or stolen credentials.

From January to March 2019, the top sector to report data breaches under the NDB scheme was once again the private health service provider sector with 27 per cent. 

The second-largest source of NDBs was the finance sector with 13 per cent, followed by the legal, accounting and management services sector with 11 per cent, the private education sector with nine per cent and the retail sector with five per cent.

Notifications made under the My Health Records Act 2012 are not included in this report, as they are subject to specific notification requirements set out in that Act.

In April 2018, the OAIC released the first quarterly report revealing 63 notifications were received during the first six weeks of the scheme.

Out of the 63 notifications received, 51 per cent "indicated" that the cause was human error, 44 per cent were the result of malicious or criminal attack and three were the result of system faults.

A total of 812 data breaches were notified to the OAIC during its first year since the NDB scheme was introduced on 22 February 2018, an average of 67 breaches a month.

In comparison, during the 2017 financial year, the OAIC received 114 voluntary data breach notifications.