The Office of the Australian Information Commissioner (OAIC) has reported it received 245 notifications of data breaches affecting personal information between July and September this year.
The Office’s quarterly statistics report on the Notifiable Data Breaches (NDB) scheme found that 57 per cent of incidents were caused by malicious or criminal attack, and 37 per cent resulted from human error.
Australian Information Commissioner and Privacy Commissioner, Angelene Falk said organisations should train staff on how to identify and prevent privacy risks as part of their ‘business as usual’.
“Everyone who handles personal information in their work needs to understand how data breaches can occur so we can work together to prevent them,” Ms Falk said.
“Organisations and Agencies need the right cyber security in place, but they also need to make sure work policies and processes support staff to protect personal information every day.”
She said the report showed 20 per cent of data breaches over the quarter occurred when personal information was sent to the wrong recipient, by email, mail, fax or other means.
“Importantly, we also need to be on the alert for suspicious emails or texts, with 20 per cent of all data breaches in the quarter attributed to phishing,” Ms Falk said.
“Phishing is when an individual is contacted by email or text message by someone posing as a legitimate institution to lure them into providing passwords or personal information.”
She said this could result in their credentials — their username and password — being compromised and used to gain access to their system or network if additional protections were not in place.
She said the top five industry sectors to report breaches were Private health service providers (45); Finance (35); Legal, accounting and management services (34); Private education providers (16); and Personal services (13).
The Office’s full 33-page report can be found at this PS News link.
