Australian businesses are still consistently falling prey to malicious attacks by cyber criminals, with new data from the Information Commissioner revealing 262 data breaches occurred between October and December last year.
This marks nearly one full year of Australia’s Notifiable Data Breach scheme, which requires companies with turnovers of $3 million or more to report any data breaches of customer data to the Office of the Australian Information Commissioner (OAIC) and to any affected customers.
Since coming into effect in late February 2018, over 800 data breaches have been reported to the OAIC, though the majority of those were small, affecting fewer than 100 people.
In the last quarter’s results, the OAIC revealed the leading cause of business data breaches was malicious or criminal attacks (64%), followed by human error (32%). Of the breaches caused by malicious attacks, the main incidents involved compromised credentials or brute-force attacks.
Again, the health service sector was the largest contributor to the spate of data breaches over the quarter, making up 54 of the 262. Following were the finance sector, the legal sector and private education providers.
In the OAIC’s breakdown of the breaches, some amusing causes for breaches were uncovered, including two counts of faxes being sent to the wrong person, and nine counts of failure to use BCC when sending an email. Twelve counts of lost storage devices were reported.
“Preventing data breaches and improving cyber security must be a primary concern for any organisation entrusted with people’s personal information,” Australian Information Commissioner and Privacy Commissioner Angelene Falk said in a statement.
“Employees need to be made aware of the common tricks used by cyber criminals to steal usernames and passwords. If a data breach occurs, early notification can help anyone who is affected take action to prevent harm.”
“By changing passwords, checking your credit report, and looking out for scams using your personal information, you can help minimise the harm that can result from a data breach.”