The Australian Information Commissioner has called for better staff training to prevent data breaches, following a new report.
One in three data breaches between 1 April and 30 June 2019 were caused by compromised credentials, according to the latest Notifiable Data Breaches (NDB) report from the Office of the Australian Information Commissioner (OAIC).
Malicious or criminal attacks were the largest source of data breaches in the quarter, accounting for 62% of all data breaches. Of these 151 cases, nearly 70% involved cyber incidents, such as phishing, malware or ransomware, brute-force attacks, or stolen credentials.
The report found that human vulnerabilities regularly played a part in breaches. For example, individuals who click on a phishing email or reuse their passwords across services put their personal information at high risk. Commissioner Angelene Falk believes this is cause for concern.
“The fact that there is a human factor involved in so many cases demonstrates the need for staff training to increase awareness of cyber risks and to take the necessary precautions,” she said.
Most cases (62%) involved the personal information of 100 individuals or fewer.
Of the sectors surveyed, private health service providers were responsible for 19% of data breaches, with the finance sector accounting for 17%. They were followed by the legal, accounting and management services sector with 10%, private education with 9%, and the retail sector with 6%.
Overall, the total of 245 data breaches remains consistent with previous reports.
The NDB scheme has become an effective tool for organisations to notify individuals and the commissioner about breaches, according to Falk. She urged organisations to “further commit” to the reporting regime while improving their response strategies.
“Effecting change in practices to prevent breaches is vital to the goal of protecting the community. Putting data breaches in the spotlight has heightened awareness of the privacy rights of consumers, who in turn are demanding greater security from the organisations with which they share information,” she noted.
Falk — who is also the Privacy Commissioner — said the OAIC will continue to exercise its enforcement powers and support the NDB scheme to protect consumers.
Future statistical reporting on the NDB scheme will shift to six-monthly intervals.