Notifiable data breaches fall 16% in 1H23

The number of notifiable data breaches reported to the Office of the Information Commissioner (OAIC) declined by 16% in the six months to June 2023, but the period also saw the first disclosed data breach affecting more than 10 million Australians.

According to the OAIC’s latest Notifiable Data Breaches report, cybersecurity incidents were the source of 42% of all breaches during the period, or 172 notifications. The top attack vectors were ransomware (53), misuse of compromised or stolen credentials (50) and phishing (33).

Malicious or criminal attacks were attributed to 70% of data breaches during the period, with human error accounting for 26% and system faults for the remaining 4%. The top causes of human error breaches involved sending personal information to the wrong recipient (46%), unauthorised disclosure or publication of personal data (18%) and the loss of paperwork or a data storage device (9%).

The top sectors to notify data breaches during the period included health service providers (63), the finance sector (54), recruitment agencies (33), legal, accounting and management services (26) and insurance (25).

Australian Information Commissioner and Privacy Commissioner Angelene Falk said the report demonstrates the need for Australian businesses to practise ongoing vigilance in data protection measures.

“As the guardians of Australians’ personal information, organisations must have the security measures required to minimise the risk of a data breach,” she said.

“In the event of an incident such as a cyber attack, organisations must also be able to adequately assess whether a data breach has occurred, how it has occurred and what information has been affected.”

Image credit: iStock.com/JuSun