The Office of the Australian Information Commissioner has published its Notifiable Data Breaches (NDB) Report for the period July to December 2022.
There was a 26% increase in breaches overall, as a result of large-scale cyber security incidents; thirty-three of the 40 breaches that affected over 5,000 Australians were the result of cyber security incidents.
The top 5 sectors to notify data breaches were:
- Health service providers;
- Finance (incl. superannuation);
- Insurance;
- Legal, accounting & management services; and
- Recruitment agencies.
45% of all data breaches resulted from cyber security incidents (222 notifications)
The main types of cyber incidents were:
- Ransomware;
- Compromised or stolen credentials (method unknown);
- Phishing (compromised credentials);
- Brute-force attack (compromised credentials);
- Hacking;
- Malware.
Other findings for the July to December 2022 reporting period include:
- There was a 41% increase in data breaches resulting from malicious or criminal attacks. Malicious
or criminal attacks accounted for 350 notifications – 70% of all notifications; - Human error was the cause of 123 notifications (25% of all notifications), down 5% in number from
129; - Contact information remains the most common type of personal information involved in breaches;
- The majority (88%) of breaches affected 5,000 individuals or fewer;
- 71% of entities notified the OAIC within 30 days of becoming aware of an incident.
If you found this article helpful, then subscribe to our news emails to keep up to date and look at our video courses for in-depth training. Use the search box at the top right of this page or the categories list on the right hand side of this page to check for other articles on the same or related matters.
Author: David Jacobson
Principal, Bright Corporate Law
Email:
About David Jacobson
The information contained in this article is not legal advice. It is not to be relied upon as a full statement of the law. You should seek professional advice for your specific needs and circumstances before acting or relying on any of the content.