Nearly 40% of reported data breaches were due to human error, including emails being sent to the wrong person

data breaches

If shady hackers and cyber criminals in balaclavas are your biggest concern when it comes to cyber security, it might be time to look somewhere else for the cause of Australia’s data breaches, such as the mirror.

According to the latest Notifiable Data Breach report, which covers all breaches from April 1 to June 30, 36% of all reported data breaches were thanks to human error. In total, there were 305 reported data breaches over the quarter.

Australia’s mandatory Notifiable Data Breach legislation was introduced last year and enacted earlier in 2018. Companies with more than $3 million in annual revenue are now required to report any and all data breaches to the Privacy Commissioner and their customers, or face penalties of up to $1.7 million.

Sixty percent of breaches between April and June were due to genuine cyberattacks, such as phishing, malware, ransomware, brute-force attacks, or compromised or stolen credentials. A scattering of these were also due to stolen devices or paperwork, social engineering or “rogue employees”.

When it came to human error breaches, 22 of them were due to emails sent to the incorrect recipient, and a further 12 were due to information being unintentionally disclosed or released. Further incidents were also due to lost devices, failing to use BCC when sending an email, or insecure disposal.

Precisely one data breach was due to an unauthorised verbal disclosure of information.

Bar chart breaks down the human error data breaches. There are 10 types in the chart. The top 3 are: Personal information sent to the wrong recipient (email) with 22 notifications; Unauthorised disclosure (unintended release or publication) with 12 notifications; and Other with 12 notifications. Link to long text description follows chart.

However, despite the numerous data breaches, the number of customers affected was quite low. Just one breach affected between one million and 10 million customers and the vast majority (172) affected between two to 5,000 customers.

Fifty-one breaches were found to have affected just one single customer.

The health sector attracted the highest number of breaches at 49, with the finance sector following at 36 breaches. Of the 49 breaches in the health sector, 29 of them were due to human error.

NOW READ: Mandatory data breach reporting comes in tomorrow: Here’s what your business needs to know

Passionate about the state of Australian small business? Join the Smarts Collective and be a part of the conversation.


Notify of
Inline Feedbacks
View all comments
SmartCompany Plus

Sign in

To connect a sign in method the email must match the one on your SmartCompany Plus account.
Or use your email
Forgot your password?

Want some assistance?

Contact us on: or call the hotline: +61 (03) 8623 9900.