The Australian privacy watchdog has been notified of 245 data breaches affecting personal data for the quarter between July and September, a slight bump from 242 in the previous quarter.

The Notifiable Data Breaches (NDB) report captures notifications received by the Office of the Australian Information Commissioner (OAIC) under the NDB scheme between 1 July 2018 and 30 September 2018.

August had the most notifications at 88 with July following at 81 and September coming in at 71.

The report identified 57 per cent of incidents were caused by malicious or criminal attack and 37 per cent were from human error.  

Angelene Falk, Australian Information Commissioner and Privacy Commissioner said training staff on how to identify and prevent privacy risks needs to be part of business as usual.

She said, “Everyone who handles personal information in their work needs to understand how data breaches can occur so we can work together to prevent them.

“Organisations and agencies need the right cyber security in place, but they also need to make sure work policies and processes support staff to protect personal information every day.”

Sources of the breaches: Notifiable Data Breaches Quarterly Statistics Report

Leonard Kleinman, Chief Cyber Security Advisor – Asia Pacific Japan, RSA said, “Human error is a factor that continues to pop up. We hear all the time that cyber security awareness is increasing, or that businesses understand the risks associated with digital transformation – but in reality the figures conflict that.

“Employees are still falling for traditional attacks. Businesses should re-visit their internal awareness campaigns and test the levels of understanding across the company, because unfortunately human error is still letting the side down.”

Monthly breakdown of Data Breaches: Notifiable Data Breaches Quarterly Statistics Report

From the report, 63 per cent involved personal information of 100 or fewer individuals, down slightly from 61 per cent in the previous quarter.

The top five industries to report breaches were private health service providers, finance; legal, accounting and management services, private education providers and personal services.

Falk said the report showed 20 per cent of the data breaches occurred when data was sent to the wrong recipient either by email, mail or other means.

“Importantly, we also need to be on the alert for suspicious emails or texts, with 20 per cent of all data breaches in the quarter attributed to phishing.

“Phishing is when an individual is contacted by email or text message by someone posing as a legitimate institution to lure them into providing passwords or personal information.

“This can result in their credentials – their username and password – being compromised and used to gain access to their system or network, if additional protections are not in place.”

Kleinman noted the report shows consistency however with only three reports to look at its hard to see if this will be the norm or a pattern going forward, “This scheme is still in its infancy and many Australian businesses are still learning how to report breaches and what procedures need to be taken.”

Previous post

Cybercrime is the biggest threat to Australia and some of our defences will fail, says government’s top cyber official

Next post

Neglecting privacy can endanger your entire digital transformation, says Gartner

Join the digital transformation discussion and sign up for the Which-50 Irregular Insights newsletter.