Blog

01Sep, 2019

Notifiable Data Breach Legislation

1 April to 30 June 2019 Report: Deliberate criminal attacks still behind most notifiable data breaches

The Office of the Australian Information Commissioner has released their latest “Notifiable Data Breaches Quarterly Statistics Report” with statistical information about notifications received under the Notifiable Data Breaches Scheme from 1 April to 30 June 2019[i].

The total number of data breach notifications received in the quarter was 245 which brings the total amount received in 2019 to 460, with the addition of the 215 received from January to the end of March 2019.

Related:  The countdown is on for the notifiable data breach legislation. Are you ready?

The largest source of data breaches for all sectors was a malicious or criminal attack (62 per cent) followed by human error (34 per cent) and system fault (4 per cent). Malicious or criminal attacks are deliberate acts designed to exploit system vulnerabilities.

Out of the total of 151 data breaches, 69.5 per cents were due to cyber incidents which include phishing, malware or ransomware, brute-force attacks or compromised or stolen credentials.  Theft of paperwork or data storage devices was the cause of 14.5 per cent of breaches, and other sources included insider threats (8 per cent), and social engineering or impersonation (8 per cent).

What type of personal information are criminals targeting?

For 90 per cent of data breaches reported, contact information was the largest type of personal information involved, followed by financial details at 42 per cent. Other personal information involved in data breaches includes identity information (31 per cent), health information (27 per cent) and tax file numbers (16 per cent).

What industries are reporting the most data breaches?

The sector that reported the highest number of data breaches was Health Service Providers with 47 data breaches reported during the period. The Finance industry, including superannuation, reported 42 breaches followed by Legal, Accounting and Management services (24 breaches), Education (23 breaches) and Retail (15 breaches).

Human error continues to be an issue across all sectors and continues to be the primary cause of data breach in the private health sector (53 per cent).  The error that has the most significant impact on the total number of individuals affected is ‘unauthorised disclosure’ with 9,479 individuals affected by this error.

Reducing human error continues to be the most significant challenge to organisations with the communication of data breach obligations and implementing response plans difficult as businesses adapt to the new regulations.

IPSI’s Notifiable Data Breach Scheme fact sheet highlights seven key actions must prioritise to reduce the risk of data breach. Download your copy here >> Notifiable Data Breach Scheme Fact Sheet.

Resource Link: Notifiable Data Breaches Quarterly Statistics Report: 1 April – 30 June 2019

References

[i] Office of the Australian Information Commissioner, ‘ Notifiable Data Breaches Quarterly Statistics Report: 1 April – 30 June 2019, accessed 17 September 2019 at https://www.oaic.gov.au/assets/privacy/notifiable-data-breaches-scheme/statistics/notifiable-data-breaches-statistics-report-1-april-to-30-june-2019.pdf

 

Related Articles

The benefits of mandatory data breach notification laws in Australia

Mandatory data breach notification laws would result in greater security for Australians and improved protection of their sensitive information. And i

Read More

Cost of data breach report (with Australian Statistics)

Ponemon Institute 2013 Cost of Data Breach report The 2013 Cost of Data Breach report published by the Ponemon Institute (sponsored by Symantec) revea

Read More

How to survive a data breach

In the past two years, LinkedIn, eHarmony, Twitter, Adobe and, most recently, Target have suffered data breaches that together exposed more than 120 m

Read More

Credit card data discovery tools lay the foundation for good data security

Card Holder Data (CHD) discovery tools are becoming essential in identifying none secure sensitive data locations. Since December 2013, a series of da

Read More