Home Security OAIC says 245 data breaches reported in July-Sept quarter
OAIC says 245 data breaches reported in July-Sept quarter Pixabay

In what has become merely a quarterly recital of statistics, the Office of the Australian Information Commissioner says it was informed of 245 data breaches affecting personal information from July to September. This is three more than the previous quarter.

In a statement, the OAIC said 57% of these incidents were due to malicious or criminal attack and 37% were due to human error.

Australian Information Commissioner and Privacy Commissioner Angelene Falk said: “Everyone who handles personal information in their work needs to understand how data breaches can occur so we can work together to prevent them.

“Organisations and agencies need the right cyber security in place, but they also need to make sure work policies and processes support staff to protect personal information every day.

“Our latest report shows 20% of data breaches over the quarter occurred when personal information was sent to the wrong recipient, by email, mail, fax or other means.

“Importantly, we also need to be on the alert for suspicious emails or texts, with 20% of all data breaches in the quarter attributed to phishing."

Key statistics from the OAIC report:

  • 245 data breaches were notified to affected individuals and the OAIC, compared to 242 the previous quarter;
  • 57% were attributed to malicious or criminal attacks, compared to 59% the previous quarter;
  • 37% were attributed to human error, compared to 36% the previous quarter;
  • 6% were attributed to system faults, compared to 5% the previous quarter; and
  • 63% involved the personal information of 100 or fewer individuals, compared to 61% the previous quarter.

The top five industry sectors to report breaches were:

  • Private health service providers: 45
  • Finance: 35
  • Legal, accounting and management services: 34
  • Private education providers: 16
  • Personal services: 13

Commenting on the report, David Shepherd, vice-president Asia Pacific and Japan, Bitglass, said: "Again, human error and the insider threat account for a significant percentage of the reported security breaches. Considering how prevalent the use of cloud is in Australia, it’s surprising there are no specific mentions of cloud data breaches in the report.

"One would have expected to see reference to files stored in the cloud with sharing turned on or exposed S3 buckets, or Blob storage that had been incorrectly configured. These would be down to human error too, wouldn’t they? Maybe data exposure isn’t thought of the same way as a data breach (and therefore reported), or perhaps there continues to be a visibility gap when it comes to data stored in the cloud.”

Phil Kernick, co-founder and chief technology officer at CQR, said: "The latest quarterly Notifiable Data Breach quarterly report has reported around 3.8 reports of breaches daily. This really should concern people as these are just the 'notifiable' ones that can result in serious harm.

"We can only imagine how many are not notifiable because of the severity, how many are not notifiable because the organisation is not required to comply with the Privacy Act, and how many and how many aren’t even detected. Businesses need to do better to protect our information and profit from our patronage. They need to take cyber security seriously.”

Anshul Pandey, senior security adviser and group manager at Content Security, said: “The statistics for what caused the breaches remains similar to last quarter but what has changed is phishing attacks which have gone up from 29% last quarter to 50% this quarter. This means organisations have to do more in terms of user awareness and blocking of phishing attacks.”

Mark Sinclair, ANZ regional director, WatchGuard Technologies, said: "The report suggests that the biggest segment of reported breaches comes from the 101-1000 company size sector, highlighting the fact that Australian mid-market organisations are in the sights of hackers, probably due to the fact that there are rarely dedicated IT security staff in this space.

"The report also indicates that contact information makes up 85% of reported breaches. While contact information may seem benign, it can allow for much more effective phishing attacks that may follow in the wake of a breach.

"We also see that phishing attacks make up half of the reported cyber incidents which can ultimately be reduced by user education, having a DNS/IP reputation-based scanner at the gateway and employing multi-factor authentication.

"It's interesting to see that the health service sector retains its place at number one for notified data breaches and also has the highest breach rate by human error. Security education of users within the health sector is a dire need and could help reduce the number of breaches if practised regularly.”

47 REASONS TO ATTEND YOW! 2018

With 4 keynotes + 33 talks + 10 in-depth workshops from world-class speakers, YOW! is your chance to learn more about the latest software trends, practices and technologies and interact with many of the people who created them.

Speakers this year include Anita Sengupta (Rocket Scientist and Sr. VP Engineering at Hyperloop One), Brendan Gregg (Sr. Performance Architect Netflix), Jessica Kerr (Developer, Speaker, Writer and Lead Engineer at Atomist) and Kent Beck (Author Extreme Programming, Test Driven Development).

YOW! 2018 is a great place to network with the best and brightest software developers in Australia. You’ll be amazed by the great ideas (and perhaps great talent) you’ll take back to the office!

Register now for YOW! Conference

· Sydney 29-30 November
· Brisbane 3-4 December
· Melbourne 6-7 December

Register now for YOW! Workshops

· Sydney 27-28 November
· Melbourne 4-5 December

REGISTER NOW!

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the sitecame into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

 

Popular News

 

Telecommunications

 

Sponsored News

 

 

 

 

Connect