Criminals Are Driving Australian Data Breaches

Malicious or criminal attacks accounted for the majority of data breaches reported to the Office of the Australian Information Commissioner in the three months to 30 June.

The OAIC has released its second report on the Notifiable Data Breaches (NDB) scheme. The report revealed that 59 percent of the 242 breaches reported to the privacy watchdog during the quarter were attributable to malicious or criminal attack.

Thirty-six percent related to human error and 5 percent to a system fault.

The overwhelming majority of those breaches, 97, related to ‘cyber incidents’ (31 related to data or paperwork theft, seven to insider threats and seven to social engineering).

The most common attack vector was credentials that were compromised or stolen by some unknown method, 34 per cent, followed by credentials compromised by phishing (29 per cent) and compromised by brute-force attacks (14 per cent).

As with the first report issued as part of the NDB scheme, the health sector dominated with the largest number of breaches. Forty-nine of the breaches were reported by health service providers, followed by finance (36 breaches), legal, accounting and management services (20), education sector (19) and business and professional associations (15).

The NDB scheme commenced on 22 February, making the new report the first to cover a full quarter of operation.

The scheme obliges organisations to report data breaches to the OAIC and notify affected individuals when there is a risk of “serious harm”.

The NDB scheme covers businesses with annual turnover greater than $3 million. Also subject to breach reporting obligations are organisations that handle certain sensitive categories of data, such as health-care providers, and Commonwealth entities.

“Notifications this quarter show that one of the key aims of the scheme, ensuring individuals are made aware when the security of their personal data is compromised, is being met,” said acting Australian Information Commissioner and acting Privacy Commissioner, Angelene Falk.

“Data breach notification to individuals by the entities experiencing the data breach can equip individuals with the information they need to take steps to reduce their risk of experiencing harm, which can reduce the overall impact of a breach.”

ComputerWorld:

You Might Also Read:

Cybercrime Is A Real Economic Threat:

Australia's Largest Bank Lost The Personal Financial Histories Of 12m Customers:

 

« Estonia’s Cyber Revenge
Satellite Imagery + Social Media = A New Way To Spot Emerging Nuclear Threats »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Miller Group

Miller Group

Miller Group is an IT managed service provider. We proactively monitor and manage your entire business computer network. Services include backup & recovery and cyber security.

RKH Specialty

RKH Specialty

RKH Specialty, part of the Hyperion Insurance Group, is a provider of specialty insurance services including Cyber Risk cover.

ThreatSTOP

ThreatSTOP

ThreatSTOP is a cloud-based automated threat intelligence platform that converts the latest threat data into enforcement policies to stop attacks before they become breaches.

ITU Arab Regional Cyber Security Center (ITU-ARCC)

ITU Arab Regional Cyber Security Center (ITU-ARCC)

ITU-ARCC acts as ITU’s cybersecurity hub in the Arab Region localizing and coordinating cybersecurity initiatives.

Empiric

Empiric

Empiric is a multi-award winning technology and transformation recruitment agency specialising in data, digital, cloud and security.

GitGuardian

GitGuardian

Enable developers, ops, security and compliance professionals to enforce security policies across public and private code, and other data sources as well

Bugraptors

Bugraptors

BugRaptors is a certified software testing company with extensive experience as a third-party testing vendor, effectively proven as a leader in software testing & QA Services.

ITsMine

ITsMine

ITsMine’s Beyond DLP solution is a leading Data Loss Prevention solution used by organizations to protect against internal and external threats automatically.

Point Predictive

Point Predictive

Point Predictive build Predictive Models using Artificial Intelligence and Machine Learning techniques that help our customers stop fraud and early payment default (EPD).

ToucanX

ToucanX

ToucanX has eliminated remote attack vectors without sacrificing productivity. We’ve brought embedded near real time virtualization to the enterprise endpoint.

GovernmentCIO

GovernmentCIO

GovernmentCIO was founded with a single purpose: to transform government IT. We are thought leaders in data analytics, machine learning, cybersecurity and IT transformation.

Dutch Institute for Vulnerability Disclosure (DIVD)

Dutch Institute for Vulnerability Disclosure (DIVD)

DIVD's aim is to make the digital world safer by reporting vulnerabilities we find in digital systems to the people who can fix them.

RevealSecurity

RevealSecurity

RevealSecurity's TrackerIQ detects malicious activities in enterprise applications.

Wavenet

Wavenet

Wavenet has grown from simple beginnings to become one of the UK’s market leaders in unified communications, business telephony, and Cyber Security solutions.

Mobilicom

Mobilicom

Mobilicom is an end-to-end provider of cybersecurity and smart solutions for drones, robotics & autonomous platforms.

Harmonic Security

Harmonic Security

Harmonic Security helps companies to adopt Generative AI without risking the security and privacy of their data.