The OAIC’s “Notifiable Data Breaches Report: July to December 2023” provides an overview of data breaches reported during this period under the Notifiable Data Breaches (NDB) scheme.
The report notes a total increase in reported breaches compared to the previous six months, with malicious or criminal attacks remaining the primary cause, responsible for 67% of incidents. These attacks often involve compromised credentials or phishing. Human error accounted for 30% of breaches, including mistakes like sending personal information to the wrong recipient.
Healthcare continues to be the most impacted sector, accounting for the highest number of breaches, followed by finance and legal sectors. The majority of breaches involved contact details and financial information, raising significant privacy concerns. The report stresses the importance of organisations bolstering their cybersecurity strategies and enhancing staff training to reduce risks.
Additionally, it highlights emerging trends, including increased targeting of smaller organisations and the growing sophistication of cyberattacks. The OAIC recommends stronger data management practices, improved access controls, and ongoing monitoring of vulnerabilities as key strategies to mitigate future incidents.
Summary of findings:
- There was a 19% increase in reported data breaches compared to the prior six-month period.
- The top five sectors to notify the OAIC were:
- Healthcare
- Finance
- Insurance
- Retail
- Government
- 67% of data breaches directly related to malicious or criminal attacks, 30% due to human error and 3% system faults
Download the full report here: https://www.oaic.gov.au/__data/assets/pdf_file/0021/156531/Notifiable-data-breaches-report-July-to-December-2023.pdf