Criminals Are Driving Australian Data Breaches

Uploaded on 2018-08-07 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

Malicious or criminal attacks accounted for the majority of data breaches reported to the Office of the Australian Information Commissioner in the three months to 30 June.

The OAIC has released its second report on the Notifiable Data Breaches (NDB) scheme. The report revealed that 59 percent of the 242 breaches reported to the privacy watchdog during the quarter were attributable to malicious or criminal attack.

Thirty-six percent related to human error and 5 percent to a system fault.

The overwhelming majority of those breaches, 97, related to ‘cyber incidents’ (31 related to data or paperwork theft, seven to insider threats and seven to social engineering).

The most common attack vector was credentials that were compromised or stolen by some unknown method, 34 per cent, followed by credentials compromised by phishing (29 per cent) and compromised by brute-force attacks (14 per cent).

As with the first report issued as part of the NDB scheme, the health sector dominated with the largest number of breaches. Forty-nine of the breaches were reported by health service providers, followed by finance (36 breaches), legal, accounting and management services (20), education sector (19) and business and professional associations (15).

The NDB scheme commenced on 22 February, making the new report the first to cover a full quarter of operation.

The scheme obliges organisations to report data breaches to the OAIC and notify affected individuals when there is a risk of “serious harm”.

The NDB scheme covers businesses with annual turnover greater than $3 million. Also subject to breach reporting obligations are organisations that handle certain sensitive categories of data, such as health-care providers, and Commonwealth entities.

“Notifications this quarter show that one of the key aims of the scheme, ensuring individuals are made aware when the security of their personal data is compromised, is being met,” said acting Australian Information Commissioner and acting Privacy Commissioner, Angelene Falk.

“Data breach notification to individuals by the entities experiencing the data breach can equip individuals with the information they need to take steps to reduce their risk of experiencing harm, which can reduce the overall impact of a breach.”

ComputerWorld:

You Might Also Read:

Cybercrime Is A Real Economic Threat:

Australia's Largest Bank Lost The Personal Financial Histories Of 12m Customers:

 

« Estonia’s Cyber Revenge
Satellite Imagery + Social Media = A New Way To Spot Emerging Nuclear Threats »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Synovum

Synovum

Synovum was formed with the intention to provide high quality advice, consultancy, training and project management services to clients in all sectors of industry.

Qualitest Group

Qualitest Group

Qualitest is the world’s largest pure play Quality Assurance and software testing company.

Seceon

Seceon

Seceon OTM, is a cyber security advanced threat management platform that visualizes, detects, and eliminates threats in real time.

Teramind

Teramind

Teramind provides a user-centric security approach to monitor employee behavior in order to identify suspicious activity, detect possible threats, monitor efficiency, and ensure industry compliance.

CMMI Institute

CMMI Institute

CMMI Institute enables organizations to elevate and benchmark performance across a range of critical business capabilities, including product development, data management and cybersecurity.

OCM Business Systems

OCM Business Systems

OCM are experts in the safe, secure and responsible disposal of IT & EPoS assets.

NINJIO

NINJIO

NINJIO is a leader in cybersecurity awareness training. View IT Security Awareness through a different lens - entertain and educate your users through storytelling.

Matrium Technologies

Matrium Technologies

Matrium Technologies has been a leading provider of technology solutions since 1991, with a strong industry background in Network Testing, Network Visibility and Security.

SecurityGen

SecurityGen

SecurityGen is a global cybersecurity start-up focused on telecom security, with a focus on 5G networks.

EasyDMARC

EasyDMARC

EasyDMARC deliver the most comprehensive product for anyone who strives to build the most secure possible defence system for their email ecosystem.

Cisilion

Cisilion

Cisilion's mission is simple – to transform and connect business with next-generation IT infrastructure. Our expertise includes enterprise networking, security, data centre & cloud, managed services.

Seraphic Security

Seraphic Security

Seraphic Security provides attack protection to enable safe browsing for employees or contractors, as well as advanced governance controls to enforce enterprise policies across devices.

AFRY

AFRY

AFRY is a world leading engineering company, trusted as a supplier of services and solutions within the industry, energy, and infrastructure sectors as well as for authorities.

ImagineX Consulting

ImagineX Consulting

ImagineX Consulting is a cybersecurity-focused boutique technology consultancy whose mission is to help our clients #BeBetter by reducing their corporate risk.

Cythera

Cythera

Cythera is an Australian cyber security company with in-house cyber security professionals providing world-class cyber protection to medium to large companies all over Australia.

Seiber

Seiber

Seiber are a UK based Cyber Security company who provide consultancy and training services. Our objective is to stop bad things happening to good people.