Australia: OAIC releases report on notifiable data breaches
On September 5, 2023, the Office of the Australian Information Commissioner (OAIC) announced the publication of a report on the notifications received under the Notifiable Data Breaches (NDB) scheme, considering the period from January 2023 to June 2023.
The report notes that, during the period, 409 data breaches were reported to the OAIC, a 16% decrease from the 486 breaches reported in 2022. The report highlights that the largest breach since the NDB scheme began in 2018 occurred in 2023, affecting more than 10 million Australians.
Notably, the report identifies malicious or criminal attacks as the main cause of data breaches, responsible for 70% of incidents. In this regard, the report finds that the top three cyber attack methods were ransomware, compromised or stolen credentials, and phishing. Further, the report states that breaches caused by human error were the fastest to be identified, with 81% identified in 30 days or less, whereas only 57% of breaches caused by system faults were identified in the same timeframe.
The report finds that the health and finance sectors were the top reporters of data breaches, with 63 breaches (15% of all notifications) and 54 breaches (13% of all notifications), respectively. However, according to the report, 63% of breaches affected 100 or fewer people.