The health sector reported more data breaches than any other industry sector (19% of all notifications), followed by finance (13%), from January to June 2021.
The Office of the Australian Information Commissioner (OAIC) received a total of 446 data breach notifications across sectors during that time.
Malicious or criminal attacks accounted for 65% of notifications, while data breaches resulting from human error were also significant, accounting for 30%.
Australian Information and Privacy Commissioner Angelene Falk said ransomware attacks are a significant cyber threat and increasing incidents were cause for concern.
“The nature of these attacks can make it difficult for an entity to assess what data has been accessed or exfiltrated, and because of this we are concerned that some entities may not be reporting all eligible data breaches involving ransomware,” she said. “We expect entities to have appropriate internal practices, procedures and systems in place to assess and respond to data breaches involving ransomware, including a clear understanding of how and where personal information is stored across their network.”
A number of data breaches resulted from impersonation fraud, involving a malicious actor impersonating another individual to gain access to an account, system, network or physical location.
“The growth of data on the dark web unfortunately means that malicious actors can hold enough personal information to circumvent entities’ know your customer and fraud monitoring controls,” Commissioner Falk said.
A new Easy English resource on what to do if there is a data breach is available at www.oaic.gov.au/about-us/translations/easy-english.