Data breaches rise but fewer occur in federal agencies

By Jackson Graham

February 24, 2022

Fewer data breaches are occurring in federal agencies and departments, which have fallen out of the top five sectors. (Cybrain/Adobe)

Australia is seeing a rise in data breaches, but fewer are occurring in federal agencies and departments, which have fallen out of the top five sectors.

The latest report from the Office of the Australian Information Commissioner, released this week, shows the commissioner received 464 data breach notifications from July to December 2021. 

This was 6% more than the January to July period, but federal agencies and departments were not among the top five sectors.

In July, the Australian government was among the top five, with 34 breaches, after entering the list for the first time in late 2020.  

Health service providers, followed by finance, then legal and accounting services, continued to be the top three sectors for data breaches. Education, insurance and personal services are also experiencing frequent data breaches.

Malicious or criminal attacks remained the main cause of breaches, accounting for 55%, yet down 9% on the previous reporting period. 

Human error has risen as a reason behind data breaches, now making up 43% of cases, according to the report. 

Australian information commissioner Angelene Falk urged organisations to put accountability at the centre of information handling practices.

“Australians expect that their personal information will be handled with care when they choose to engage with a product or service and are more likely to entrust their data to organisations that have demonstrated effective privacy management,” Falk said in a statement. 

The federal office has been managing the Notifiable Data Breaches scheme for the past four years and is finding some organisations fall short of the scheme’s assessment and notification requirements.

“Delays in assessment and notification reduce the opportunities for an individual to take steps to protect themselves from harm,” Falk said. 

Three-quarters of organisations notified the OAIC within 30 days of becoming aware of an incident, slightly up on the previous reporting period. Twenty-eight organisations took longer than 120 days to notify the OAIC.

