The Australian Information Commissioner and Privacy Commissioner has reported that 262 data breaches involving personal information were notified to her office between October and December 2018, prompting the Australian Cyber Security Centre to call on all organisations to step up their efforts to protect themselves.
The Commissioner, Angelene Falk, said that under the Notifiable Data Breaches scheme, organisations and agencies regulated under the Privacy Act must notify individuals and her office (OAIC) when data breaches were likely to result in serious harm.
Ms Falk said the leading cause of notifiable data breaches in the December quarter was malicious or criminal attack (168 notifications), followed by human error (85 notifications) and system error (nine notifications).
She said most data breaches resulting from a malicious or criminal attack involved cyber incidents stemming from compromised credentials (usernames and passwords) such as phishing and brute-force attacks.
She reinforced the need for organisations and individuals to secure personal information by safeguarding credentials.
“Preventing data breaches and improving cyber security must be a primary concern for any organisation entrusted with people’s personal information,” Ms Falk said.
“Employees need to be made aware of the common tricks used by cyber criminals to steal usernames and passwords.”
She said the OAIC worked with the Australian Cyber Security Centre to provide prevention strategies for organisations, including regularly resetting and not reusing passwords.
“If a data breach occurs, early notification can help anyone who is affected take action to prevent harm,” Ms Falk said.
“By changing passwords, checking your credit report, and looking out for scams using your personal information, you can help minimise the harm that can result from a data breach.”
Supporting the OAIC, the Australian Cyber Security Centre (ACSC) urged organisations to step up efforts to protect themselves from cyber criminals.
National Cyber Security Adviser and Head of ACSC, Alastair MacGibbon, said Australia’s commercial secrets were an attractive target for cyber criminals, and compromised credentials could be an easy way in.
“There is no room for complacency, as we saw in December when the Australian Government confirmed the global hack of Managed Service Providers (MSPs), including Australian organisations,” Mr MacGibbon said.
“In response, we are rolling out a new information sharing program at our Joint Cyber Security Centres around the country to help strengthen defences.”
The OAIC’s 33-page quarterly report on notifiable data breaches can be accessed at this PS News link.