Of these 151 data breaches, 69.5% involved cyber incidents such as phishing, malware or ransomware, brute-force attacks, or compromised or stolen credentials.
The Notifiable Data Breaches report from the OAIC, a Federal Government agency, was released on Wednesday. It also reveals that while malicious or criminal attacks dominated data breaches, human error was the second largest source of breaches, accounting for 84 data breaches, while system faults accounted for 10 breaches.
Human error breaches included sending personal information to the wrong recipient via email (35%), unauthorised disclosure through the unintended release or publication of personal information (18%), as well as the loss of paperwork or a data storage device (12%).
“This may include the disclosure of personal information on a website due to a bug in the web code, or a machine fault that results in a document containing personal information being sent to the wrong person,” the report says.
The OAIC report also reveals that theft of paperwork or data storage devices was another source of malicious or criminal attacks (14.5%) – while other sources included actions taken by a rogue employee or insider threat (8%), as well as social engineering or impersonation (8%).
And the vast majority of cyber incidents (79%) were linked to compromised credentials, either through phishing (46 notifications), by unknown methods (32 notifications) or by brute-force attack (5 notifications).
The OAIC says that certain kinds of data breaches can affect larger numbers of people, noting, for example, that in the June quarter the unintended release or publication of personal information impacted the largest number of people – with an average of 9,479 affected individuals per data breach.
“This is consistent with the previous quarterly trend. Failure to use BCC when sending emails impacted an average of 601 individuals per data breach,” the OAIC says.