Under the Notifiable Data Breaches Scheme, Australian companies are now required to submit information surrounding any potential data breaches.
In Q1, over 60 breaches occurred, which might have previously remained undisclosed. Up to a quarter were in the healthcare sector (24%), with legal, accounting and management services (16%), finance (13%), education (6%) and charities (4%) following closely behind.
According to the report, the demand for contact information dominated the list at up to 78%, whereas financial details and health information reached 30% and 33% respectively.
However, human error was found to be the leading cause of eligible data breaches reported to the Office of the Australian Information Commissioner (OAIC), with information being sent to the wrong recipient, among other errors.
Jason Edelstein, chief technology officer at Sense of Security, noted to Computer Weekly that such figures are a significant cause of concern:
“The problem is, we’re sending contact information and financial details to these people. If they are malicious, an attacker could use this information to conduct social engineering activity, which can have dire consequences.
“These errors should not be happening and we need to have better processes and policies in place to prevent this leakage of personal information. This requires us to educate employees on the cyber security risks and their responsibilities in handling data.”