Information belonging to more than 10 million individuals in Australia has been affected in a single data breach. The disclosure of the event comes from the Office of the Australian Information Commissioner (OAIC). With a current population of about 25.4 million, this means that almost half of Australia has been affected.
The data breach was reported to the OAIC under the Notifiable Data Breaches scheme between January and March 2019, and was made public in the Quarterly Statistics Report.
Data Breaches in Australia: the Details
According to the report, malicious or criminal attacks accounted for 131 data breaches this quarter, while human error accounted for 75 data breaches. Nine data breaches were triggered by system faults.
Malicious or criminal attacks differ from human error breaches in that they are deliberately crafted to exploit known vulnerabilities for financial or other gain. Many incidents in this quarter appear to have exploited vulnerabilities involving a human factor, such as clicking on a phishing email, or to have used social engineering or impersonation to obtain access to personal information fraudulently.
The report, however, did not reveal any details about the data breach involving 10 million individuals. The total number of breaches OAIC was notified about is 215, down from the 262 breach incidents reported in October – December last year.
A total of 186 breaches affected contact information, making this type of PII the most relevant for the quarter. As for the most affected sectors, the top sector to report data breaches was the private health service provider sector (health sector) with 27%. The second largest source was the finance sector with 13%, followed by the legal, accounting and management services sector, the private education sector, and the retail sector.
It is curious to note that the largest source of data breaches in the health sector was human error with 52%, with triggers such as sending personal information to the wrong recipient by email, unintended release or publication of personal information (20%) or loss of paperwork or data storage device (23%).
According to another Q1 2019 report conducted by Risk Based Security, the total of publicly disclosed data breaches for the period is 1903. These breaches exposed more than 1.9 billion records making the first quarter of 2019.