The Office of the Australian Information Commissioner (OAIC) has announced that almost one in three data breaches in Australia have been linked to compromised login credentials.
In her latest report Notifiable Data Breaches (NDB) Report the Australian Information Commissioner and Privacy Commissioner, Angelene Falk warns organisations about the risks associated with storing sensitive personal information in email accounts.
Ms Falk said the accidental emailing of personal information to the wrong recipient was the most common cause of human error data breaches.
“Email accounts are also being used to store sensitive personal information, where it may be accessed by malicious third parties who breach these accounts,” Ms Falk said.
She said organisations should consider additional security controls when emailing sensitive personal information, such as password-protected or encrypted files.
“This personal information should then be stored in a secure document management system and the emails deleted from both the inbox and sent box.”
She said phishing attacks caused at least 15 per cent of the 537 data breaches notified to the OAIC from July to December last year – a 19 per cent increase on the reporting figure for the first half of 2019.
The Report found that malicious or criminal attacks accounted for 64 per cent of all data breaches, with human error a factor in 32 per cent of breaches.
It found health service providers remained the leading source of NDBs over the period, accounting for 22 per cent of all breaches.
Ms Falk said the OAIC had developed an action plan to help the health sector contain and manage its data breaches and implement improvements.
She said finance was the second highest reporting sector, with 14 per cent of all NDBs in the second half of last year.
The Commissioner’s 26-page report can be accessed at this PS News link.
