OAIC report reveals 26% increase in data breaches across Australia

The latest OAIC data breach report reveals a 26% increase in data breaches in the second half of 2022, with several large-scale data breaches impacting millions of Australians’ personal information.

“We saw a significant increase in data breaches that impacted a larger number of Australians in the second half of 2022,” Australian Information Commissioner and Privacy Commissioner Angelene Falk said. 

“Cyber security incidents continue to have a significant impact on the community and were the cause of the majority of large-scale breaches.”

The report revealed that thirty-three of the 40 breaches that affected over 5,000 Australians were the result of cyber security incidents. 

Because of the significant increase, Commissioner Falk states that organisations need to be alert to the risks. 

“Organisations should take appropriate and proactive steps to protect against and respond to a range of cyber threats,” she said. 

“This starts with collecting the minimum amount of personal information required and deleting it when it is no longer needed.” 

The OAIC report also shows that organisations across Australia should be vigilant, as large-scale compromises of personal information may lead to further attacks.

“As personal information becomes increasingly available to malicious actors through breaches, the likelihood of other attacks, such as targeted social engineering, impersonation fraud and scams, can increase,” Commissioner Falk said. 

“Organisations need to be on the front foot and have robust controls, such as fraud detection processes, in place to minimise the risk of further harm to individuals.” 

The Office of the Australian Information Commissioner has clear expectations of best practice for data breach preparation and response, to ensure individuals are protected from harm. It states that the information organisations provide to individuals affected by a breach must include recommendations about clear steps people should take in response.

The reporting period also saw the enactment of the Privacy Legislation Amendment (Enforcement and Other Measures) Act 2022.  

This Act provides the Commissioner with new and greater powers to share information with other authorities about data breaches and obtain information and documents relevant to an actual or suspected eligible data breach. 

The Act also enables the Commissioner to conduct an assessment of the ability of an entity to comply with the Notifiable Data Breaches scheme. This includes the extent to which the entity has processes and procedures in place to assess suspected eligible data breaches, and provide notice to the Commissioner and individuals at risk from such breaches. 

Penalties for serious or repeated privacy breaches, which include non-compliance with the Notifiable Data Breaches scheme, have been significantly increased under the new law. 

“While we will continue to work with organisations to facilitate voluntary compliance, we will use these regulatory powers where required to ensure compliance with the Notifiable Data Breaches scheme,” Commissioner Falk said. 

“We also welcome the further proposals to strengthen the Notifiable Data Breaches scheme in the Attorney-General’s Department’s Privacy Act review report.”