The most recent Australian Notifiable Data Breaches Report, from April 01 to June 30, has identified contact details as the most at risk from a data breach, with malicious or criminal attacks accounting for the majority of breaches.
New figures show the total number of notifications rose to 245, compared to 215 in the January-March quarter, with information loss affecting fewer than 1,000 people in 225 of the instances, and just one in 61 incidents. A small number of breaches, mainly single instances or a couple of instances, impacted between 1,001 and 10 million people.
The kind of information that was most compromised was contact details, with 220 notifications, double the number of incidents involving financial details (102). These were closely followed by identity information (76), then health information (67). Also stolen in a hack were tax file numbers (38) and other sensitive information (22).
Of the data breaches, 62% were malicious or criminal attacks, 34% were due to human error, and 4% to system faults. The most impacted by malicious attacks was the health sector, followed by finance; legal, accounting and management services; education; and retail.
The health sector also recorded the highest incidence of human error, with 25 notifications. This was followed by finance (18), then legal, accounting and management services, and education (seven each), and retail (two).
The most-used method for stealing access credentials was phishing, accounting for more than 40% of malicious or criminal attacks. Stolen or compromised credentials accounted for a further 35% of breaches. Hacking and ransomware were employed much less, at 8.7% each, and malware in only 2.86% of breaches.
“This sends a clear message to Australian businesses to focus defence efforts on personal credentials and systems access, educating staff about security awareness and identifying and protecting potential entry points by employing robust controls,” insurance broker Gallagher said.