Australian organisations reported 245 data breaches between July and September this year, on par with the number in the prior three months.
In its quarterly statistics release from the mandatory data breach notification scheme, the Office of the Australian Information Commissioner (OAIC) said the consistent number suggested better processes and staff training was needed, alongside security systems.
“Everyone who handles personal information in their work needs to understand how data breaches can occur so we can work together to prevent them,” Australian Information Commissioner and Privacy Commissioner Angelene Falk said.
“Organisations and agencies need the right cyber security in place, but they also need to make sure work policies and processes support staff to protect personal information every day.
“Our latest report shows 20 percent of data breaches over the quarter occurred when personal information was sent to the wrong recipient, by email, mail, fax or other means.
“We also need to be on the alert for suspicious emails or texts, with 20 percent of all data breaches in the quarter attributed to phishing.”
That said, the July to September quarter [pdf] was similar to the prior one.
Health and finance industry organisations were most affected by data breaches, reporting broadly consistent numbers.
The only major change was the scale of compromises reported.
In the previous quarter, the top breach impacted between 1 million and 10 million people, whereas in the most recent quarter, the largest breach hit between 100,000 and 250,000 people.