Social engineering

30% of system-failure breaches detected more than a year later: 446 Australian data breach notifications


The medical services industry continues to be the sector with the highest number of data breaches reported in Australia, accounting for 85 of the 446 breaches notified to the Office of the Australian Information Commissioner (OAIC) during the six months to June 30, 2021.

The total of 446 notifications is down 16% compared to the 530 notifications in the previous six months. In fiscal 2020-21, 976 notifications were received under the Notifiable Data Breaches (NDB) scheme.

The number of notifications in March was 102, which was the highest.

During the reporting period, 81% of breaches were identified by the entity within 30 days of occurring, while in 4% of cases the entity took longer than 365 days.

“For data breaches caused by malicious, criminal, or human error, more than 80% of entities identified an incident within 30 days of the incident,” OAIC wrote. “If an entity experiences a data breach due to a system failure, only 61% identified the incident within 30 days, and 30% were unaware of the incident for over a year.”

During the reporting period, 72% of entities notified OAIC within 30 days of noticing an incident that was subsequently assessed as a qualified data breach. Twenty-seven entities took more than 120 days from noticing an incident to notifying OAIC.

71% of Australian Government agencies that reported an incident discovered it within 30 days. However, 9% took more than a year to discover it, and 3% took more than a year to notify OAIC.

Health has been the most affected sector since the mandate began. In this half, the finance sector was second only to health, accounting for 57 notifications, followed by legal and accounting with 35, and the Australian Government and insurance sectors with 34 each.

The Australian Government entered the top five sectors in the first half of 2009.

All Australian institutions and organizations covered by the Privacy Act 1988 should notify individuals involved in data breaches where personal information can cause “serious harm” as soon as possible after becoming aware of the breach. The Privacy Act covers most Australian government agencies. Many intelligence and national security agencies are not covered, nor are state and local government agencies, public hospitals and public schools.

In its latest six-month report on the notifications made under the NDB scheme, OAIC stated that most data breaches involved the personal information of up to 5,000 people.

Three notifications affected more than one million individuals and one affected more than 10 million individuals.

Contact information, identity information, and financial information continue to be the most common types of personal information involved in data breaches. Of the breaches reported under the scheme, 407 (or 91%) involved contact information such as an individual’s name, home address, phone number, or email address.

Identity information was exposed in 247 breaches, financial information in 193, health information in 136, tax file numbers in 102, and other confidential information in 75.

Malicious or criminal attacks are the leading cause of data breaches reported to OAIC, accounting for 289 breaches, of which 192 were caused by “cyber incidents,” 35 were due to social engineering or spoofing, 28 were due to fraudulent employee or insider threat behavior, and 34 were caused by theft of paperwork or storage devices.

According to the report, human error remains a leading cause of breaches, accounting for 134 notifications, with system failures accounting for the remaining 23.

Human error breaches include sending personal information to the wrong recipient via email, unintentional release or disclosure of personal information, and failure to use the blind carbon copy feature when sending group emails.

31 notifications involved information that was fraudulently disclosed or unintentionally released or published. These alone affected 523,998 people.

The Australian Government did not report incidents related to system failures, but reported 25 as human error and 9 as malicious or criminal attacks. The Australian Government also reported one case as a “hack.”

The main causes of cyber incidents during the reporting period were phishing, breach or theft, and ransomware.

“More than half (62%) of cyber incidents during the reporting period involved malicious attackers using compromised or stolen credentials to access their accounts,” OAIC said. “The most common method used by malicious attackers to obtain compromised credentials was email-based phishing (58 notifications).”

Ransomware incidents increased by 24%, from 37 in the first half to 46 in the second half.


Notification of data breaches under the NDB scheme since its inception

Image: OAIC
