OAIC report finds significant breach decrease

The OAIC Notifiable Data Breaches Report January-June 2021 found that in the six-month reporting period there was a decrease in breaches of 16 per cent in comparison with last year’s findings.

There were 446 breaches were notified under the scheme, a decrease of 16 per cent compared with 530 notifications from July to December 2020.

Malicious or criminal attacks remain the leading source of data breaches, accounting for 289 notifications (65 per cent of the total), down 5 per cent in number from 304. Data breaches resulting from human error accounted for 134 notifications (30 per cent of the total), down 34 per cent in number from 203.

OAIC has found the health sector remains the highest reporting industry sector, notifying 19% of all breaches, followed by finance, which notified 13 per cent of all breaches. Contact information remains the most common type of personal information involved in data breaches.

According to Jim Cook, ANZ regional director Attivo Networks, 65 per cent of all reported breaches being criminal or malicious the need to focus on security is evidenced.

"At the same time, just over one-quarter of the cyber related incidents involved compromised credentials, which validates the need to detect and respond to credential-based attacks much earlier in the attack cycle."

“Although it’s great that fewer than 100 individuals were affected by 65 per cent of the breaches it’s important to note that one breach affected more than 10 million people, and two affected between 1 million and 10 million," Cook said.

"Australians need to assume that their private information is ‘out there’, available for sale and that they should act accordingly when being contacted by an individual or organisation that they don’t recognise."

The Office of the Australian Information Commissioner (OAIC) periodically publishes statistical information about notifications received under the Notifiable Data Breaches (NDB) scheme to assist entities and the public to understand the operation of the scheme. The recent report captures notifications made under the NDB scheme for the period from 1 January to 30 June 2021.