Aussie finance sector attributes the most data breaches to "hacking"

Australia’s finance sector is the vertical that is most likely to attribute a data breach to "hacking", numbers released Thursday afternoon show.

A document [pdf] released by the Office of the Australian Information Commissioner (OAIC) under Freedom of Information (FoI) shows three sectors in particular suffered a greater number of breaches caused by “hacking” compared to others.

Of the 91 data breaches attributed to hacking between February 22 last year and June 6 this year, 17 incidents (about 18 percent) occurred in the finance and/or superannuation sector.

A further 10 breaches were the result of hacks on health service providers, while retailers experienced data breaches caused by hackers on nine occasions over the period.

In its quarterly statistical releases on notifiable data breaches, the OAIC does break out “hacking” as a type of “cyber incident”. 

However, in the most recent OAIC report, for example, hacking is not a particularly prevalent vector for cyber incidents that led to data breaches.

Compromised or stolen credentials - acquired through phishing, brute-force or an unknown method - accounted for 67 percent of cyber incidents in the first calendar quarter of this year; hacking, by contrast, was behind about 13 percent of cyber incidents that resulted in breaches.

The new numbers show a wide distribution of industries targeted by hackers.