The Australian Information Commissioner (OAIC) has recorded the highest level of data breaches in almost 4 years. According to the latest Notifiable Data Breaches Report, 527 data breaches were recorded in the first half of the year. This is up 9% compared to 6 months prior, and the highest number of data breach notifications since the last half of 2020.
Both private and public sectors fell victim, with healthcare, government, and finance hit the hardest. Malicious and criminal attacks were responsible for 63% of data breaches, 57% of which were classified as cybersecurity incidents. Phishing attempts, compromised credentials, hacking, and malware were among the top ways fraudsters facilitated a breach.
The MediSecure breach took the top spot for the largest breach in the first six months of the year. Though the report found that 63% of data breaches affected fewer than 100 people, over 12.9 million people used the e-script provider and had their information leaked.
Carly Kind, the Australian Privacy Commissioner, said the high number of data breaches is evidence of the significant threats to Australians’ privacy.
“Almost every day, my office is notified of data breaches where Australians are at likely risk of serious harm,” she said. “This harm can range from an increase in scams and the risk of identity theft to emotional distress and even physical harm. Privacy and security measures are not keeping up with the threats facing Australians’ personal information and addressing this must be a priority.”
In light of the rising number of data breaches, the Australian government has introduced the Privacy and Other Legislation Amendment Bill.
“Our priority is ensuring compliance with the law, and we will help organisations achieve this through education and articulating what ‘good’ looks like,” Kind said in a press release.
The proposed bill aims to help the OAIC enforce privacy legislation. The OAIC is committed to helping organisations understand what their obligations are when it comes to keeping information secure. Cybersecurity training and data encryption will be mandatory. Organisations that fail to issue a notice when they’re subject to a breach, or fail to take reasonable steps to keep personal information safe, will cop a fine.