The Office of the Australian Information Commissioner (OAIC) several weeks ago published the very first report on the Notifiable Data Breach scheme, or NDB. The results, especially given they only covered about 6 weeks, from mid-February to the end of March, show that Australian businesses are under constant assault and need to be vigilant about protecting data.
In six short weeks, 63 breaches were reported. Yes, more than 10 a week. What is perhaps a little surprising is that the majority of breaches were in the health service provider sector. Less surprising is the assault on legal, accounting, management and finance businesses.
Almost 80% of those reporting noted that contact information was breached; one third involved a breach of health data; and 30% reported the breach involved financial information. 24% identified identity information – such as passport and driver’s license numbers – as the target.
The good news is that more than half of the breaches reported are preventable, as they were caused by human error. The bad news is that almost all the rest were caused by malicious or criminal attacks.
The other bit of good news… or, at least, “not as bad as it might be” news”… is that most reported breaches involved fewer than 100 people. In fact, 37 of the 63 breaches reported involved fewer than 10 records.
What is missing from the OAIC’s statistics is more detail about the number of people involved in breach of more significant data than simply contact information. 33% of the breaches divulged health information, for example – but were these primarily cases of one letter with Joe’s health information accidentally sent to Sam?
Six breaches were reported that involved between 1,000 and 100,000 records. It would be good to know the exact nature of these thousands of records – were they the ones that lost financial, identity or health information? And how many of those thousands were breached as a result of malicious or criminal activity?
It’s clear that your business and personal computers need vigilant monitoring. Blutone Technologies can offer you the peace of mind you need as we continue to see these attacks, breaches, and data losses mounting. Give us a call today.
Source: OAIC’s NDB Quarterly Statistics Report
The OAIC just published information about the reasonable steps that must be taken in order to protect personal information and stay in compliance with current regulations, it’s worth taking a look: (link to https://www.oaic.gov.au/agencies-and-organisations/guides/guide-to-securing-personal-information )