The OAIC’s latest Notifiable Data Breaches Report reveals that the organisation has received 446 data breach notifications from January to June of this year.
Out of the 446 data breaches, 43 per cent came from cyber security incidents. The OAIC also reported that data breaches caused by ransomware incidents increased by 24 per cent, rising to 46 from the last reported 37 notifications.
Australian Information Commissioner and Privacy Commissioner Angelene Falk said the increase in ransomware incidents was cause for concern due to the difficulties in assessing such breaches.
“We know from our work and from the Australian Cyber Security Centre that ransomware attacks are a significant cyber threat,” Commissioner Falk said.
“The nature of these attacks can make it difficult for an entity to assess what data has been accessed or exfiltrated, and because of this we are concerned that some entities may not be reporting all eligible data breaches involving ransomware.”
Because of the increase in ransomware attacks, the OAIC advises entities to have appropriate internal practices, procedures and systems in place to assess and respond to data breaches.
The OAIC also advises that entities should have a clear understanding of how and where personal information is stored across their network.
Aside from data breaches caused by ransomware attacks, there were also a number of breaches caused by impersonation fraud, where a malicious actor impersonates another individual to gain access to an account, system, network or physical location.
“The growth of data on the dark web unfortunately means that malicious actors can hold enough personal information to circumvent entities’ ‘know your customer’ and fraud monitoring controls,” Commissioner Falk said.
“We expect entities to notify us when they experience impersonation fraud, where there is a likely risk of serious harm.”
The report recommends that entities should continually review and enhance their security posture to minimise the growing risk of impersonation fraud.
The Notifiable Data Breaches Report also revealed the following key findings:
Although human error breaches decreased in the latest report, entities, particularly the Australian Government, need to remain alert to this risk.
“Human error remains a major source of data breaches. Let’s not forget the human factor also plays a role in many cyber security incidents, with phishing being a good example,” Commissioner Falk said.
“Organisations can reduce the risk of human error by educating staff about secure information handling practices and putting technological controls in place.”
SOURCE: OFFICE OF THE AUSTRALIAN INFORMATION COMMISSIONER MEDIA RELEASE
Eliza is a content producer and editor at Public Spectrum. She is an experienced writer on topics related to the government and to the public, as well as stories that uplift and improve the community.