Notifiable Data Breaches Report January to June 2022

The Office of the Australian Information Commissioner (OAIC) has published its latest Notifiable Data Breaches Report covering notifications made under the Notifiable Data Breaches (NDB) scheme from 1 January to 30 June 2022.

Key findings for the January to June 2022 reporting period include:

  • 396 breaches were notified compared to 460 in July to December 2021 (14% decrease).
  • Malicious or criminal attack remains the leading source of breaches accounting for 250 notifications (63% of the total), down 1% in number from 253.
  • Data breaches resulting from human error accounted for 131 notifications (33% of the total), down 31% in number from 189.
  • Health remains the highest reporting sector notifying 20% of breaches, followed by finance (13%).
  • Contact information remains the most common type of personal information involved in breaches.
  • Forty-one per cent of all breaches (162 notifications) resulted from cyber security incidents. The top sources of cyber incidents were ransomware (51 notifications), phishing (42 notifications) and compromised or stolen credentials (method unknown) (40 notifications).
  • There were 24 data breaches reported to affect 5,000 or more Australians, four of which were reported to affect 100,000 or more Australians. All but one of these 24 breaches were caused by cyber security incidents.
  • 91% of breaches affected 5,000 individuals or fewer, while 65% affected 100 people or fewer.
  • 71% of entities notified the OAIC within 30 days of becoming aware of an incident.

If you found this article helpful, then subscribe to our news emails to keep up to date and look at our video courses for in-depth training. Use the search box at the top right of this page or the categories list on the right hand side of this page to check for other articles on the same or related matters.

David Jacobson

Author: David Jacobson
Principal, Bright Corporate Law
Email:
About David Jacobson
The information contained in this article is not legal advice. It is not to be relied upon as a full statement of the law. You should seek professional advice for your specific needs and circumstances before acting or relying on any of the content.

 

Your Compliance Support Plan

We understand you need a cost-effective way to keep up to date with regulatory changes. Talk to us about our fixed price plans.