63 data breaches in the first six weeks of mandatory notification rules

Tom Allan
Director, Basis Networks

Mandatory Breach Statistics Released

The Office of the Australian Information Commissioner (OAIC) released its first quarterly statistics report about notifications received under the Notifiable Data Breaches scheme, which came into effect on February 22nd. A total of 63 breaches were reported in the first six weeks.

The top 5 industries that reported breaches in the quarter, and the number of breaches reported per industry, were:

  • Health service providers - 15
  • Legal, Accounting & Management services - 10
  • Finance (incl. superannuation) - 8
  • Education - 6
  • Charities - 4

The majority of breaches reported to the OAIC involved contact information; however, entities also reported data breaches that involved individuals’ tax file numbers, financial details such as bank account or credit card numbers, as well as health information.

The OAIC said,

‘Just over half of the eligible data breach notifications we received in the first quarter indicated that the cause of the breach was human error. In the 2016–2017 financial year 46 per cent of the data breach notifications received by the OAIC voluntarily were also reported to be the result of human error.’

At Basis Networks we have been busy performing security risk assessments for a number of our clients across multiple industry verticals. These are invaluable in establishing customers' current cyber security posture and governance processes, so that strategies can rapidly be put in place to enhance prevention, detection, and response capabilities, including the automation of security policy management and compliance reporting, and the utilisation of machine learning technologies to reduce the likelihood of human error.

If you would like to find out more about how you can improve your security posture and governance while reducing operational overhead, please get in touch for a chat.