19th April, 2018

OAIC data breach initial report – stats are alarming

As you are hopefully aware, the Notifiable Data Breaches Scheme came into effect in February of this year. It is a little alarming that the Office of the Australian Information Commissioner (OAIC) has received 63 reported breaches since the scheme began. The notifications are broken down by industry sector, and health service providers made the most notifications, at 15. Human error was responsible for 32 of the breaches reported, 28 were due to malicious or criminal acts and 2 were system errors.

These figures were released by the OAIC in its first quarterly report earlier this month. These numbers do, however, justify not only the need for the legislation in the first place but also the importance of cyber insurance for electronic breaches, and it will now become more apparent how widespread the problem is.

The very first breach to be made public was at shipping company Svitzer Australia, which revealed a data breach affecting over 400 of its 1,000 employees. Their personal information, including tax file numbers, next of kin and superannuation account information, contained in more than 60,000 emails, was being secretly auto-forwarded to two external accounts between May 2017 and March 2018.

Clearly the requirements around data protection will only increase over the coming years, and we would encourage all businesses to get familiar with the requirements of the Notifiable Data Breaches Scheme.

Author: Murray Bruce