Govt made 33 breach notifications in six months
The Australian Government placed among the top five list of sources of notifiable data breaches for the first time during the past six months, being responsible for 33 notifications.
The number of breaches placed the government sector fifth on the list, behind health care (23% of breaches), finance, (15%), education (7%) and the legal, accounting and management services sectors (7%), according to the Office of the Information Commissioner’s latest six-month report into the Notifiable Data Breach Scheme.
During the six-month period, the OAIC received a total of 539 data breach notifications, up 5% from the first half of the year.
The OAIC said 78% of entities notified the OAIC within 30 days of becoming aware of an incident that was subsequently assessed to be an eligible data breach.
Among the breaches, 68% affected 100 individuals or fewer, but one breach affected 10 million or more individuals and three affected between 1 million and 10 million.
The report found that breaches resulting from human error accounted for 38% of notifications. But malicious or criminal attacks continued to be the main category, accounting for 58% of total notifications.
“In the past six months, we saw an increase in human error breaches both in terms of the total number of notifications received — up 18% to 204 — and proportionally — up from 34% to 38%,” Australian Information Commissioner and Privacy Commissioner Angelene Falk said.
“The human factor is also a dominant theme in many malicious or criminal attacks, which remain the leading source of breaches notified to my office. Organisations need to reduce the risk of a data breach by addressing human error — for example, by prioritising training staff on secure information handling practices.”
A consistent, high standard of personal information handling practices is needed to meet...
Agencies must accept the need to shift to the cloud and therefore choose a solution that properly...
South Australia's Auditor General has uncovered a range of deficiencies in the IT security of...