Malicious or criminal attacks accounted for nearly twice as many data breaches as those resulting from human error during the first quarter of 2019, according to the Notifiable Data Breaches Quarterly Statistics Report by the Office of the Australian Information Commissioner (OAIC).
The report, published today, marks the start of Australia’s Privacy Awareness Week. “By understanding the causes of notifiable data breaches, business and other regulated entities can take reasonable steps to prevent them,” said OAIC commissioner Angelene Falk, according to today’s press release.
Of the 215 data breach notifications in the first quarter of 2019, 61% were caused by malicious actors, while human error was to blame for only 35% of the total breaches. "Malicious or criminal attacks differ from human error breaches in that they are deliberately crafted to exploit known vulnerabilities for financial or other gain. Many incidents in this quarter appear to have exploited vulnerabilities involving a human factor, such as clicking on a phishing email or by using social engineering or impersonation to obtain access to personal information fraudulently," the report said.
An additional 4% were the result of some system fault, the report said. Cyber-criminals reportedly targeted contact information most frequently, followed by financial details, identity information and health information.
While the report noted that a single data breach reportedly affected more than 10 million individuals, “data breaches impacting between one and 10 individuals comprised 50 percent of the notifications."
Additionally noteworthy is that the 215 notifications shows a decline in the number of data breaches ..