The number of Australian organisations reporting data breaches climbed to new heights last quarter, with the majority continuing to result from malicious or criminal attack.
The Office of the Australian Information Commissioner (OAIC) said it received 262 notifications in the third full quarter of the scheme’s operation, slightly higher than the 245 it received between July and September last year.
The OAIC said the results again reflected the need for improved staff training and security systems.
The majority of breaches continued to be the result of malicious or criminal attacks, which accounted for 168 notifications or 64 percent – a seven percent rise on the previous quarter.
These stemmed mostly from “compromised credentials (usernames and passwords), such as [through] phishing and brute-force attacks”, the OAIC said.
The report also shows that data breaches resulting from human error fell marginally from 37 to 33 percent, and those resulting from system faults fell from six percent to three percent.
The number of individuals involved in the data breaches was largely consistent with previous quarters, with only one falling into the 1 million to 10 million people bracket.
It was a similar story for the leading industry sectors affected by data breaches, with health service providers continuing to lead the pack with 54 breaches, followed by finance (40) and legal, accounting and management services (23).
Australian Information Commissioner and Privacy Commissioner Angelene Falk said the latest results reinforced the need for organisations to secure personal information by safeguarding credentials.
“Preventing data breaches and improving cyber security must be a primary concern for any organisation entrusted with people’s personal information,” she said.
“Employees need to be made aware of the common tricks used by cyber criminals to steal usernames and passwords.”