Criminals Are Driving Australian Data Breaches

Malicious or criminal attacks accounted for the majority of data breaches reported to the Office of the Australian Information Commissioner in the three months to 30 June.

The OAIC has released its second report on the Notifiable Data Breaches (NDB) scheme. The report revealed that 59 percent of the 242 breaches reported to the privacy watchdog during the quarter were attributable to malicious or criminal attack.

Thirty-six percent related to human error and 5 percent to a system fault.

The overwhelming majority of those breaches, 97, related to ‘cyber incidents’; a further 31 related to data or paperwork theft, seven to insider threats and seven to social engineering.

The most common attack vector was credentials compromised or stolen by some unknown method (34 percent), followed by credentials compromised by phishing (29 percent) and by brute-force attacks (14 percent).

As with the first report issued as part of the NDB scheme, the health sector reported the largest number of breaches. Forty-nine of the breaches were reported by health service providers, followed by finance (36 breaches), legal, accounting and management services (20), education (19) and business and professional associations (15).

The NDB scheme commenced on 22 February, making the new report the first to cover a full quarter of operation.

The scheme obliges organisations to report data breaches to the OAIC and notify affected individuals when there is a risk of “serious harm”.

The NDB scheme covers businesses with annual turnover greater than $3 million. Also subject to breach reporting obligations are organisations that handle certain sensitive categories of data, such as health-care providers, and Commonwealth entities.

“Notifications this quarter show that one of the key aims of the scheme, ensuring individuals are made aware when the security of their personal data is compromised, is being met,” said acting Australian Information Commissioner and acting Privacy Commissioner, Angelene Falk.

“Data breach notification to individuals by the entities experiencing the data breach can equip individuals with the information they need to take steps to reduce their risk of experiencing harm, which can reduce the overall impact of a breach.”

ComputerWorld:
