Criminals Are Driving Australian Data Breaches

Uploaded on 2018-08-07 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

Malicious or criminal attacks accounted for the majority of data breaches reported to the Office of the Australian Information Commissioner in the three months to 30 June.

The OAIC has released its second report on the Notifiable Data Breaches (NDB) scheme. The report revealed that 59 percent of the 242 breaches reported to the privacy watchdog during the quarter were attributable to malicious or criminal attack.

Thirty-six percent related to human error and 5 percent to a system fault.

The overwhelming majority of those breaches, 97, related to ‘cyber incidents’ (31 related to data or paperwork theft, seven to insider threats and seven to social engineering).

The most common attack vector was credentials that were compromised or stolen by some unknown method, 34 per cent, followed by credentials compromised by phishing (29 per cent) and compromised by brute-force attacks (14 per cent).

As with the first report issued as part of the NDB scheme, the health sector dominated with the largest number of breaches. Forty-nine of the breaches were reported by health service providers, followed by finance (36 breaches), legal, accounting and management services (20), education sector (19) and business and professional associations (15).

The NDB scheme commenced on 22 February, making the new report the first to cover a full quarter of operation.

The scheme obliges organisations to report data breaches to the OAIC and notify affected individuals when there is a risk of “serious harm”.

The NDB scheme covers businesses with annual turnover greater than $3 million. Also subject to breach reporting obligations are organisations that handle certain sensitive categories of data, such as health-care providers, and Commonwealth entities.

“Notifications this quarter show that one of the key aims of the scheme, ensuring individuals are made aware when the security of their personal data is compromised, is being met,” said acting Australian Information Commissioner and acting Privacy Commissioner, Angelene Falk.

“Data breach notification to individuals by the entities experiencing the data breach can equip individuals with the information they need to take steps to reduce their risk of experiencing harm, which can reduce the overall impact of a breach.”

ComputerWorld:

You Might Also Read:

Cybercrime Is A Real Economic Threat:

Australia's Largest Bank Lost The Personal Financial Histories Of 12m Customers:

 

« Estonia’s Cyber Revenge
Satellite Imagery + Social Media = A New Way To Spot Emerging Nuclear Threats »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Secure Technology Alliance

Secure Technology Alliance

Secure Technology Alliance is a multi-industry association working to stimulate the adoption and widespread application of secure solutions.

Exida

Exida

Exida is a leading product certification and knowledge company specializing in industrial automation system safety, security, and availability.

Roke Manor Research

Roke Manor Research

Roke is a world-class electronics engineering consultancy. Areas of expertise include cyber security, cyber assurance and cryptographic solutions.

Pindrop Security

Pindrop Security

Pindrop solutions are leading the way to the future of voice by establishing the standard for security, identity, and trust for every voice interaction.

SteelCloud

SteelCloud

SteelCloud has spent the last decade inventing technology to automate policy compliance, configuration control, and Cloud security.

Vdoo

Vdoo

Vdoo provides an end-to-end product security platform for automating all software security tasks throughout the entire product lifecycle.

Agio

Agio

Agio is a hybrid managed IT and cybersecurity provider servicing the financial services, health care and payments industries.

Systems Assessment Bureau (SAB)

Systems Assessment Bureau (SAB)

Systems Assessment Bureau is an internationally recognized ISO Certification Body with a unique vision of “Excel together with global standards”.

Internet 2.0

Internet 2.0

Internet 2.0 is a Cyber Security technology company with a core focus on developing affordable but sophisticated cyber security solutions.

YorCyberSec

YorCyberSec

YorCyberSec act as a trusted Cyber and Information Security broker and procurement specialist. We help companies to Reduce Risk, Increase Assurance and Improve Performance.

Verica

Verica

Verica uses chaos engineering to make systems more secure and less vulnerable to costly incidents.

Banyax

Banyax

Banyax provides 24×7 real-time Cyber Defense Center Services using the latest technology tools to provide state-of-the-art defense.

Oasis Technology

Oasis Technology

Oasis Technology are experts in cyber security. In addition to pioneering the game-changing TITAN anti-hacking device, we provide extensive cyber security consulting services.

Beyon Cyber

Beyon Cyber

Beyon Cyber offer a complete portfolio of advanced solutions & services for cyber security in Bahrain.

Synergy ECP

Synergy ECP

Synergy ECP has a talented, dedicated staff to provide a broad range of services to the defense and intelligence industries.

Scope AI

Scope AI

Scope AI is an innovative technology company specializing in quantum security and machine learning.