Security Market Segment LS
Wednesday, 28 August 2019 12:06

Malicious, criminal attacks dominate data breaches in Australia: OAIC Featured


Malicious or criminal attacks were the largest source of data breaches in Australia in the three months to the end of June this year, accounting for 62% of all data breaches, according to a new report from the Office of the Australian Information Commissioner (OAIC).

Of these 151 data breaches, 69.5% involved cyber incidents such as phishing, malware or ransomware, brute-force attacks, or compromised or stolen credentials.

The Notifiable Data Breaches report from the OAIC - a federal government agency - released on Wednesday, also reveals that while malicious or criminal attacks dominated data breaches, human error – the second largest source of breaches - accounted for 84 data breaches and system faults for 10 breaches.

Human error breaches involved breaches such as sending personal information to the wrong recipient via email (35%), unauthorised disclosure through the unintended release or publication of personal information (18%), as well as the loss of paperwork or data storage device (12%).

System faults accounted for 4% (10 breaches) of data breaches in the quarter, with the majority involving a system fault resulting in the unintended release or publication of personal information.

“This may include the disclosure of personal information on a website due to a bug in the web code, or a machine fault that results in a document containing personal information being sent to the wrong person,” the report says.

The OAIC report also reveals that theft of paperwork or data storage devices was another source of malicious or criminal attacks (14.5 %) – while other sources included actions taken by a rogue employee or insider threat (8%), as well as social engineering or impersonation (8%).

And the vast majority of cyber incidents (79%) were linked to compromised credentials, either through phishing (46 notifications), by unknown methods (32 notifications) or by brute-force attack (5 notifications).

The OAIC says that certain kinds of data breaches can affect larger numbers of people, noting, for example, that in the June quarter the unintended release or publication of personal information impacted the largest number of people – with an average of 9,479 affected individuals per data breach.

“This is consistent with the previous quarterly trend. Failure to use BCC when sending emails impacted an average of 601 individuals per data breach,” the OAIC says.


26-27 February 2020 | Hilton Brisbane

Connecting the region’s leading data analytics professionals to drive and inspire your future strategy

Leading the data analytics division has never been easy, but now the challenge is on to remain ahead of the competition and reap the massive rewards as a strategic executive.

Do you want to leverage data governance as an enabler?Are you working at driving AI/ML implementation?

Want to stay abreast of data privacy and AI ethics requirements? Are you working hard to push predictive analytics to the limits?

With so much to keep on top of in such a rapidly changing technology space, collaboration is key to success. You don't need to struggle alone, network and share your struggles as well as your tips for success at CDAO Brisbane.

Discover how your peers have tackled the very same issues you face daily. Network with over 140 of your peers and hear from the leading professionals in your industry. Leverage this community of data and analytics enthusiasts to advance your strategy to the next level.

Download the Agenda to find out more


Peter Dinham

Peter Dinham is a co-founder of iTWire and a 35-year veteran journalist and corporate communications consultant. He has worked as a journalist in all forms of media – newspapers/magazines, radio, television, press agency and now, online – including with the Canberra Times, The Examiner (Tasmania), the ABC and AAP-Reuters. As a freelance journalist he also had articles published in Australian and overseas magazines. He worked in the corporate communications/public relations sector, in-house with an airline, and as a senior executive in Australia of the world’s largest communications consultancy, Burson-Marsteller. He also ran his own communications consultancy and was a co-founder in Australia of the global photographic agency, the Image Bank (now Getty Images).



Recent Comments