The private health and financial sectors suffered more data breaches than any other sector between April and June, with human error a major source of those breaches.
The quarterly notifiable data breaches report published by the Office of the Australia Information Commissioner (Oaic) on Tuesday found malicious or criminal attacks accounted for 59% of data breaches, with theft of paperwork or storage devices a significant source of those attacks. Human error accounted for 36% of data breaches.
“Further, many cyber incidents in this quarter appear to have exploited vulnerabilities involving a human factor (such as clicking on a phishing email or disclosing passwords),” the report found.
The private health sector was the most vulnerable with 49 breaches in total, 29 of which came from human error, while 20 breaches were the result of a malicious or criminal attack. This was followed by the finance sector with 36 breaches; the legal, accounting and management services sector with 20 breaches; the private education sector with 19 breaches; and the business and professional associations sector with 15 breaches.
“Most data breaches in the period involved the personal information of 100 individuals or fewer (61% of data breaches),” the report found. “Data breaches impacting between one and 10 individuals comprised 38% of the notifications.”