63 data breach reports filed in Q1
There were 63 notifiable data breach reports filed since the mandatory reporting scheme was introduced in late February and until the end of March, according to the Office of the Australian Information Commissioner (OAIC).
Of the total, the largest proportion of breaches reported to the OAIC came from the healthcare sector (15), followed by legal, accounting and management services (10), the finance sector (8), education (6) and charities (4).
The large majority (78%) of data breaches covered contract information, such as a customer’s name email address, home address or phone number.
One in three data breaches included health information, 30% covered financial details such as bank account or credit card numbers and 24% exposed identity information such as tax file numbers.
Human error was to blame for the slight majority (32) of data breaches, but almost as many (28) involved malicious or criminal attacks.
Meanwhile 73% of data breaches reported involved the personal information of under 100 individuals, with just over half involving fewer than 10 individuals. But three breaches affected between 10,000 and 99,999 individuals and a further three involved between 1000 and 9999.
Mimecast Principal Technical Consultant Garrett O’Hara commented that it’s no surprise that healthcare information is over-represented in the statistics. “Healthcare organisations face unique challenges in coordinating care among many internal and external parties, while needing to maintain strict compliance of protected health and patient information,” he said. “One of the issues with the health sector is the reliance on legacy systems. During the WannaCry ransomware attack last year, the prevalence of older unpatched Window systems left organisations vulnerable to attacks.”
O’Hara added that in the face of the growing prevalence of data breaches it is essential that organisations have a cyber resilience strategy in place that covers patch management, application whitelisting, cloud email protection and cybersecurity awareness training.
Managing third-party cybersecurity risks in the supply chain
Third-party cybersecurity breaches occur when the victim's defences are compromised through a...
Countering MFA fatigue demands a rethink on user authentication
While MFA remains effective, highly motivated threat actors are using tactics that seek to...
Four common zero-trust misconceptions derailing cybersecurity success
John Kindervag, creator of the zero-trust concept, explores the four most common zero-trust...
