Reported Data Breaches – April 1 to June 30
Malicious or criminal attacks accounted for most of data breaches reported to the Office of the Australian Information Commissioner (OAIC) in the three months to June 30.
The majority of malicious or criminal breaches reported were the result of compromised personal credentials and information, and the most common human error was people sending emails containing personal information to the wrong recipient.
The OIAC says the risks of these types of data breaches can be greatly reduced by ensuring that staff responsible for handling personal information receive regular cyber awareness training.
242 notifications of data breaches
59% Malicious or criminal attacks
36% Human error
5% System faults
The most common attack vector was credentials that were compromised or stolen by some unknown method — 34% — followed by credentials compromised by phishing (29%) and compromised by brute-force attacks (14%).
Private health providers are again the top industry sector reporting data breaches followed by the finance sector.