https://ift.tt/cKfQI65
The number of data breaches is at its highest level since July to December 2020, the Office of the Australian Information Commissioner (OAIC) has claimed.
During the first six months of 2024, the Australian Information Commissioner (OAIC) received 527 data breach notifications, the highest number of notifications received since July to December 2020.
According to the Notifiable data breaches report January to June 2024, health and the Australian government were the two most targeted sectors, making up 19 per cent and 12 per cent of all breach notifications, respectively.
Malicious and criminal attacks were the main source of breach notifications at 67 per cent, with 57 per cent of those involving cyber security incidents.
“Privacy and security measures are not keeping up with the threats facing Australians’ personal information and addressing this must be a priority,” Australian Privacy Commissioner Carly Kind said.
The report also showed that while 63 per cent of data breaches affected 100 or fewer people. However, shortly after the reporting period in July, medical script provider MediSecure told the Australian government that it suffered a data breach that affected 12.9 million Australians more than half a year earlier in November.
Breached information may have included personal and health information relating to prescriptions, as well as healthcare provider information.
This was the second breach recorded to affect more than 10 million Australians and was one of the highest number of individuals affected by a breach since the Notifiable Data Breaches (NDB) scheme came into effect in 2018.
Multi-party data breaches
The incident highlighted the risk of outsourcing personal information handling to third parties, the report said.
Multi-party data breaches also highlight the risks that exist beyond an entity’s immediate third-party suppliers, as well as the impact of delays in notifications to affected individuals.
In the reporting period, the OAIC received 34 notifications relating to data breach incidents involving more than one entity. Additionally, the agency proactively made inquiries with 35 entities impacted by multi-party data breach incidents to ensure compliance with the NDB scheme obligations.
“The Notifiable Data Breaches scheme is now mature, and we are moving into a new era in which our expectations of entities are higher,” Commissioner Kind added.