OAIC: cybersecurity incidents impact data breach risk


Wednesday, 01 March, 2023

The latest Notifiable data breaches report has been released, highlighting a 26% increase in breaches overall — a figure that will probably surprise no one. The most recent report issued by the Office of the Australian Information Commissioner (OAIC) points to the numerous large-scale breaches that occurred in the latter half of 2022 as having a significant impact.

Australian Information Commissioner and Privacy Commissioner Angelene Falk said cybersecurity incidents in particular can have significant impacts on individuals, and organisations need to be alert to the risks.

“We saw a significant increase in data breaches that impacted a larger number of Australians in the second half of 2022,” she said.

“Cybersecurity incidents continue to have a significant impact on the community and were the cause of the majority of large-scale breaches.”

The report revealed that 33 of the 40 breaches that affected over 5000 Australians were the result of cybersecurity incidents.

“Organisations should take appropriate and proactive steps to protect against and respond to a range of cyber threats,” Falk said.

“This starts with collecting the minimum amount of personal information required and deleting it when it is no longer needed.”

Falk said organisations need to be vigilant as large-scale compromises of personal information may lead to further attacks.

“As personal information becomes increasingly available to malicious actors through breaches, the likelihood of other attacks, such as targeted social engineering, impersonation, fraud and scams, can increase.

“Organisations need to be on the front foot and have robust controls, such as fraud detection processes, in place to minimise the risk of further harm to individuals,” she said.

The OAIC has clear expectations of best practice with regard to data breach preparation and response, to ensure individuals are protected from harm.

“In response to a breach, organisations need to provide information to individuals that is timely and accurate.

“As well as setting out the kinds of information breached, the notification must include recommendations about clear steps people should take in response,” Falk said.

The reporting period also saw the enactment of the Privacy Legislation Amendment (Enforcement and Other Measures) Act 2022. Among other things, the Act:

  • provides the Commissioner with new and greater powers to share information with other authorities about data breaches;
  • provides the Commissioner with a new power to obtain information and documents relevant to an actual or suspected eligible data breach;
  • enables the Commissioner to conduct an assessment of the ability of an entity to comply with the Notifiable Data Breaches scheme, including the extent to which the entity has processes and procedures in place to assess suspected eligible data breaches, and provide notice to the Commissioner and individuals at risk from such breaches; and
  • significantly increases penalties for serious or repeated privacy breaches, which includes non-compliance with the Notifiable Data Breaches scheme.
     

“While we will continue to work with organisations to facilitate voluntary compliance, we will use these regulatory powers where required to ensure compliance with the Notifiable Data Breaches scheme,” Falk said.

“We also welcome the further proposals to strengthen the Notifiable Data Breaches scheme in the Attorney-General’s Department’s Privacy Act review report.”

Read the Notifiable data breaches report July to December 2022 here.
