Australian organisations are suffering 2 data breaches per day: OAIC

Around two Australian companies are suffering from data breaches every day, according to a government report that confirms that Australians’ healthcare, financial, and identify information is being stolen at dizzying rate.

Published this week by the Office of the Australian Information Commissioner (OAIC), the first quarterly report of the new Notifiable Data Breaches (NDB) scheme noted that 8 data breaches were reported during the scheme’s first week – and an additional 55 incidents were reported during the month of March alone.

Health service providers accounted for 15 incidents, with legal, accounting and management service firms reporting 10 breaches. Finance and superannuation firms were hit 8 times, with education experiencing 6 incidents and charities suffering 4 breaches during the reporting period.

Personal contact details, such as an individual’s name, email address, home address or phone number, were compromised in 78 percent of the incidents while health information was compromised in a third of cases. Identity details were lost in 24 percent of incidents.

Three incidents involved between 10,000 and 99,999 Australians, while three more involved 1000 to 9999 people and eleven incidents involved 100 to 999 people.

“The transparency provided by the NDB scheme reinforces Australian Government agencies’ and businesses’ accountability for personal information protection and encourages a higher standard of security,” acting information commissioner and privacy commissioner Angelene Falk said in a statement.

“Over time, the quarterly reports of the eligible data breach notifications received by the OAIC will support improved understanding of the trends in eligible data breaches and promote a proactive approach to addressing security risks.”

Falk has had a busy tenure since she was appointed to fill in for departing privacy and information commissioner Timothy Pilgrim, who announced his retirement just weeks after the NDB scheme came into effect on February 22.

She recently launched an investigation into the Australian implications of the global Facebook data-sharing scandal, and her office will be busy processing the reported breaches as well as those that continue to pour in over coming months.

Human error was the largest single factor named in the breaches, being blamed in 32 of incidents (50.7 percent). This was even more frequently than malicious or criminal attacks, which were the cause of 28 reported incidents (44.4 percent).

Jason Edelstein, chief technology officer with security consultancy Sense of Security, said the results suggested that we are our own worst enemy when it comes to securing sensitive data.

“These errors should not be happening,” he said, “and we need to have better processes and policies in place to prevent this leakage of personal information. This requires us to educate employees on the cyber security risks and their responsibilities in handling data.”

The Australian figures for human error are even worse than the findings of Verizon’s recently-released Data Breach Investigations Report 2018, which investigated 2216 data breaches in 65 countries and found that 17 percent were due to human error.