30th Jul 2018

NOTIFIABLE DATA BREACHES SECOND QUARTERLY REPORT

The Office of the Australian Information Commissioner (OAIC) has published the second quarterly report on data breach notifications.

The OAIC has received 242 notifications under the Notifiable Data Breaches (NDB) scheme in the period 1 April to 30 June 2018, according to the second quarterly statistical report on data breach notifications received under the scheme, released on 31 July 2018. This is the first full quarter of operation of the NDB scheme since it commenced on 22 February 2018.

Key statistics include:

  • A total of 242 notifications were made under the NDB scheme in the quarter. In the January to March 2018 quarter, 63 notifications were received. (This was a partial reporting period due to the scheme commencing on 22 February 2018.)
  • Of the 242 notifications in this quarter, the primary source of breaches was malicious or criminal attacks (142 notifications or 59%), followed by human error (88 notifications or 36%) and system faults (12 notifications or 5%).
  • The report shows that the majority of malicious or criminal breaches reported were cyber incidents, linked to the compromise of credentials (usernames and passwords).
  • The most common human errors were:
    • An email containing personal information sent to the wrong recipient (22 notifications)
    • Unintended release or publication of personal information (12 notifications)
    • Personal information sent by mail to the wrong mail recipient (10 notifications)
  • Most data breaches involved the personal information of 100 or fewer individuals (148 notifications or 61% of breaches). 93 reported breaches, or 38%, impacted ten or fewer people.
  • The private health sector is the top sector for reporting data breaches under the Australian NDB scheme with 49 notifications in the quarter (noting that these notifications do not relate to the My Health Records system), followed by the finance sector with 36 notifications.

The full OAIC report is available here.

By Juliet McGuinness
Governance, Risk Management & Compliance Specialist
mmw3degrees