Notifiable data breaches report: A quick summary (October – December 2018)

Notifiable Data Breaches Report

Data breaches throughout Australia continue to rise. At least, according to the latest quarterly statistics report from the Office of the Australian Information Commissioner (OAIC). Between October and December 2018, 262 breaches were reported to the OAIC as part of the mandatory Notifiable Data Breach scheme. This superseded the previous quarterly figures.

Experts found 64% of breaches were attributed to malicious attacks, while 33% were due to human error. Most of the breaches involved the personal information of 100 individuals or fewer. However, there were four incidents that affected between 100,000 and 10 million people.

Following previous quarterly statistics reports, the OAIC listed five industries that reported the most data breaches.

1. Private health service

The private health sector retained its position as the leading source of data breaches, with up to 54 reported cases. Of those cases, 29 were the result of human error, such as unauthorised disclosure of information and sending personal information to the wrong recipient. The other 25 were due to malicious attacks, consisting of theft of paperwork or data storage device, ransomware, and compromised credentials.

Healthcare companies have always had issues regarding cybersecurity. IT infrastructure within healthcare organisations can be extremely complex. Therefore, it can make it difficult to properly secure data and ensure employees are adhering to security best practices.

Unfortunately for healthcare, they can be constant targets for their database of health records, contact details, and financial information. This can translate to huge earnings for cybercriminals who deal in the underground market.

2. Finance

The second highest reporting sector is the Australian finance industry, which reported 40 data breaches between October to December 2018. A majority of these breaches were largely caused by rogue employees and phishing attacks.

Malicious attacks are more common in the finance sector. This is because bank details, credit card information, and personal records are highly sought after by cybercriminals. Also, despite having access to the latest security measures, some financial institutions may overlook security training. This can make them easy targets for online scams and internal threats.

3. Legal, accounting, and management services

The legal, accounting, and management services sector reported 23 data breaches. Most of which resulted from phishing and compromised passwords. The issue is that most employees are unprepared for online threats. Smaller firms don’t expect an attack to happen to them, or realise that no database or target is too small for a motivated hacker.

4. Private education providers

There were 21 breaches reported by private schools and universities across Australia – a slight increase from last quarter’s 16 breaches. Unauthorised disclosures and missing information contributed most to the rise in notifications. Institutions may lack the right policies and security measures that enforce safe data sharing practices among administrators and staff.

5. Mining and manufacturing

Unlike the other sectors in this entry, all 12 of the notifications from the mining and manufacturing industry were a result of:

  • malicious attacks,
  • phishing,
  • stolen credentials, and
  • ransomware.

Healthcare and financial data may be highly coveted by cybercriminals. This is because firms within this industry contain treasure troves of information that are worth a lot of money (e.g., schematics, proprietary records, and customer data).

What should companies do in 2019?

Organisations, no matter the size or industry, are a gold mine of valuable information for hackers, and the sooner they realise that, the better. For instance, we know that a majority of data breaches stemmed from malicious attacks, so companies must deploy powerful:

  • threat detection systems,
  • firewalls,
  • access restrictions,
  • anti-malware, and
  • encryption.

Users are also the easiest route to company data, which is why providing comprehensive security training is vital. This means teaching employees to:

  • recognise potential phishing scams,
  • develop responsible data sharing habits, and
  • set strong, unique passwords for each of their accounts.

Employees can easily inadvertently click on a dangerous link or make unauthorised disclosures. Therefore, it’s important to increase awareness and security training to make the chance of a breach slim to none.

Doing whatever it takes to secure data is a priority for most companies. To avoid data losses, legal costs, and a damaged reputation, Call Empower IT Solutions for all your cyber-defence needs. We offer Australian businesses’ security tools and training services that turn your company’s weakest link into your strongest asset.

Free Download

Notifiable data breaches infographic (October – December 2018)

Further reading

  1. NDB report: A quick summary (July – September 2018)
  2. NDB report: A quick summary (February – June 2018)