Australia had around 1,000 data leaks reported in one year. Millions of records leaked

Data breach incidents have grown markedly in multiple countries, and Australia is a good example of this phenomenon. Official figures from the Office of the Australian Information Commissioner (OAIC) say that during fiscal year 2019-2020, 1,050 incidents exposing users’ information were registered.

Between January and June 2020, 518 incidents were reported, representing a slight decrease from the July to December 2019 period. Australia has a scheme known as Notifiable Data Breaches (NDB), which sets out the characteristics that a report should have.

SOURCE: Notifiable Data Breaches (NDB)

May 2020, with 124 cases, is the month with the most incidents reported since the NDB scheme launched in February 2018. Regarding the causes of these incidents, the OAIC states that most of the incidents occurred due to human error, although no cause has yet been established to explain the increase in the number of reports.

In addition to security errors, malicious hacking is the cause of multiple incidents, as authorities recorded at least 317 cyberattack incidents that resulted in data breaches. Reports include phishing campaigns, malware infections, social engineering, identity fraud, theft of sensitive information, and compromise of storage units, among other attack variants.

However, the attacks most used by hackers relate to the theft of login credentials and ransomware infections, which are present in at least 160 hacking incidents.

For the second time since the launch of NDB, the health services industry is the most affected by data breach incidents, accumulating 115 information exposures, of which 75 occurred in the most recent three months. Other affected sectors include education, legal firms, accounting and management services.

Although in most reported incidents the number of affected users is fewer than 100, incidents reported during these 12 months have affected more than 10 million users in total. Personal data such as full names, phone numbers, addresses, email addresses, and more were usually exposed in the reported incidents. A small number of incidents also involved data such as passport numbers and driver’s licenses, among other details.

The OAIC requests users and organizations affected by such incidents to adhere to the procedures in place to report such incidents.