The Australian Information Commissioner's Office (OAIC) has recently published findings from its latest examination of data breaches reported under the Notifiable Data Breaches (NDB) scheme, covering the latter half of 2023, from July 1 to Dec. 31.
This effort by the OAIC aims to shed light on privacy risks and foster a deeper comprehension of data breach dynamics through the dissemination of statistical data.
According to the report, there was an increase in reported data breaches, rising by 19% to 483 incidents, compared to 407 in the preceding six months. The predominant cause of these breaches was identified as malicious or criminal acts, representing 67% of the total incidents reported.
Notably, the health and finance sectors were the most frequent to report breaches, with health services accounting for 104 incidents (22% of the overall total) and financial services reporting 49 (10%).
The analysis also revealed that a majority of these incidents (65%) impacted fewer than 100 individuals. The period also saw a surge in secondary notifications, with 121 reported, significantly higher than the 29 documented in the first half of 2023. These secondary notifications often relate to a primary incident reported in an earlier period and provide insight into the scale of breaches affecting multiple parties.
According to the report, the type of personal information compromised in these breaches was primarily contact information, reported in 88% of incidents. This category includes an individual’s name, home address, phone number, and email address.
Identity information, which includes details like date of birth, passport details, and other government identifiers, was compromised in 63% of breaches.
In this period, health information emerged as the third most commonly affected type of personal information, involved in 41% of breaches, thus overtaking financial details.
The report explicitly stated that data breaches reported under the My Health Records Act 2012 are excluded due to distinct notification obligations specified in that legislation.
The statistics reported are up-to-date as of Jan. 30, and some data breach notifications are still under review, which may lead to future adjustments in these statistics.
