VoicePlus Blog

Australian businesses report 63 data breaches in first six weeks

Australian businesses reported 63 data breaches in the first six weeks of mandatory notification rules coming into effect, with "human error" listed as the most common cause.


The figures compare to only 114 self-reported instances for the entire 2016–17 financial year.

The Office of the Australian Information Commissioner (OAIC) has released its first quarterly report since the mandatory data breach notification scheme came into effect on February 22. [pdf]

The number of reported breaches grew from six in February to 55 breaches in March.

An even 50 percent of breaches were put down to 'human error", however malicious or criminal attack was not far behind at 44 percent.

OIAC source of breaches

Health Services Providers most prolific culprits

Health services providers were responsible for the single largest number of notifications (24%), followed by businesses that supply “legal, accounting and management services” (16%).

Organisations in the finance (13%), education (10%) and charity (6%) sectors were also itemised.

EMM secures devices and data

Contact Information most commonly breached

The OAIC said 78 percent of notifications it received impacted “contact information”, compared to 24 percent that exposed “identity information”. “Health information” was exposed in 33 percent of the cases and “financial details” in 30 percent of cases.

The majority of data breaches reported to the OAIC involved ‘contact information’, such as an individual’s name, email address, home address or phone number. This is distinct from ‘identity information’, which refers to information that is used to confirm an individual’s identity, such as driver licence numbers and passport numbers.

OIAC information breaches

“Entities also reported data breaches that involved individuals’ tax file numbers, financial details, such as bank account or credit card numbers, as well as health information.”

Majority of breaches involved less than 100 people

73 per cent of eligible data breaches reported involved the personal information of under 100 individuals, with just over half of the notifications involving the personal information of between 1 and 9 individuals. 27 per cent of notifications under the NDB scheme involved more than 100 individuals.

OIAC people affected by breaches

Learn about EMM with VoicePlus


Latest Posts

New call-to-action