The Office of the Australian Information Commissioner (OAIC) has released the latest report of Notifiable Data Breaches, highlighting the need for organisations to strengthen their data security and promptly respond to suspected breaches.
The OAIC Commissioner said her office expected organisations to have robust and proactive procedures in place to protect the personal information they hold.
The Commissioner, Angelene Falk said that as the guardians of Australians’ personal information, organisations must have the security measures required to minimise the risk of a data breach.
“In the event of an incident such as a cyber-attack, organisations must also be able to adequately assess whether a data breach has occurred, how it has occurred and what information has been affected,” Commissioner Falk said.
“The Notifiable Data Breaches scheme aims to protect individuals by requiring that they are notified when they are at likely risk of serious harm from a data breach,” she said.
“Prompt notification ensures individuals are informed and can take further steps to protect themselves, such as being more alert to scams.”
She said the longer organisations delayed notification, the more the chance of harm increased.
The report reveals that the January to June 2023 period saw 409 data breaches reported to the OAIC.
It said that while that was a 16% decrease in the number of notifications compared to the previous period, there was one breach that affected more than 10 million Australians, the first breach of the scale for Australians since the scheme began in 2018.
It also found that cyber security incidents were the source of 42% of all breaches (172 notifications); the top three cyber-attack methods were ransomware (53 notifications); and compromised or stolen credentials with unknown methods was unknown (50 notifications) and phishing (33 notifications).
Contact, identity and financial information remained the most common kinds of personal information involved in breaches.
“Every piece of data that is compromised can increase the likelihood of cyber actors linking together pieces of information to gain insight or do harm,” Commissioner Falk said.
The 41-page Notifiable data breaches report January to June 2023 can be accessed at this PS News link.