The types of data breaches being reported

The Office of the Australian Information Commissioner releases a quarterly statistics report which gives an insight into the quantity and types of breach notifications, as well as the industries most affected.

Given the scheme commenced on 22 February 2018, the first Notifiable Data Breach Quarterly Statistics Report only captured part of February, and March 2018 (63 breaches were reported). The second report, for the period between 1 April and 30 June 2018, reveals that there were 242 notifications of which 36% were caused by human error, 59% by malicious or criminal attacks and 5% by system faults. The majority (61%) of data breaches involved personal information of 100 or fewer individuals.

The kind of personal data affected were:

  • predominantly contact information (at 89%);
  • 42% of cases involved financial details;
  • 39% involved identity information; and
  • 25% involved health information.

The industry that had the highest number of breach notifications was health service providers (49%), followed by finance (36%) and legal, accounting and management services (20%).