The Office of the Australian Information Commissioner has been notified of 245 data breaches affecting personal information between July and September 2018, its latest report shows.
The quarterly statistics report on the Notifiable Data Breaches (NDB) scheme indicates 57 per cent of incidents were caused by malicious or criminal attack, and 37 per cent resulted from human error.
Australian Information Commissioner and Privacy Commissioner Angelene Falk said training staff on how to identify and prevent privacy risks needs to be part of business as usual.
“Everyone who handles personal information in their work needs to understand how data breaches can occur so we can work together to prevent them,” Ms Falk said.
“Organisations and agencies need the right cyber security in place, but they also need to make sure work policies and processes support staff to protect personal information every day.
“Our latest report shows 20 per cent of data breaches over the quarter occurred when personal information was sent to the wrong recipient, by email, mail, fax or other means.
“Importantly, we also need to be on the alert for suspicious emails or texts, with 20 per cent of all data breaches in the quarter attributed to phishing.
“Phishing is when an individual is contacted by email or text message by someone posing as a legitimate institution to lure them into providing passwords or personal information.
“This can result in their credentials – their username and password – being compromised and used to gain access to their system or network, if additional protections are not in place.”
The report can be found at www.oaic.gov.au/ndbreport
Key statistics
The Notifiable Data Breaches July–September 2018 report shows:
- 245 data breaches were notified to affected individuals and the Office of the Australian Information Commissioner, compared to 242 the previous quarter
- 57% were attributed to malicious or criminal attacks, compared to 59% the previous quarter
- 37% were attributed to human error, compared to 36% the previous quarter
- 6% were attributed to system faults, compared to 5% the previous quarter
- 63% involved the personal information of 100 or fewer individuals, compared to 61% the previous quarter
- The top five industry sectors to report breaches were:
  - Private health service providers: 45
  - Finance: 35
  - Legal, accounting and management services: 34
  - Private education providers: 16
  - Personal services: 13