Latest OAIC data breach report: a reduction in notifications but persistent concerns about cyber security incidents.


The Office of the Australian Information Commissioner (OAIC) now releases bi-annual reports on data breaches that are reported under the Notifiable Data Breaches (NDB) scheme in the Privacy Act 1988 (Cth) (Privacy Act). Its latest report, for the period of January 2021 to June 2021, shows 446 data breach notifications were received, a decrease of 16% on the previous reporting period. But the overall trends and takeaways have remained consistent over the last year – see our article here for our insights on the period July to December 2020.

Key causes of breaches

Once again, malicious attacks and human error are the main causes of reported breaches. 65% were attributed to malicious or criminal attacks, 30% resulted from human error and 5% related to system faults. Phishing, ransomware, and compromised or stolen credentials were the main causes of cyber incidents, followed by social engineering or impersonation, rogue employees or insider threats, and theft of paperwork or storage devices.

The OAIC warns in its report that victims of ransomware, which it defines as “malicious software that makes data or systems unusable until the victim makes a payment”, should not assume they…

