Monday 16 April 2018

In Febuary-March 2018 there were 63 Notifiable Data Breaches in Australia involving the personal information of up to 341,849 individuals


In the 2016–17 financial year, the Office of the Australian Information Commissioner (OAIC) reported that it received 114 data breach notifications on a voluntary basis.

On 22 February the Notifiable Data Breaches (NDB) scheme came into force.

Between 22 February and 31 March 2018 there were 63 mandatory notifiable data breaches reported involving the personal information of up to est. 341,849 individuals, with 55 of these breaches reported in March alone.

Of these breaches:
24 were the result of criminal or malicious attack;
32 were the result of human error;
2 were system fault; and
1 was classified as “Other”.

The type of personal information involved in the data breaches:
Three of these data breaches involved the personal information of between 10,000 and 999,999 people in each instance.

At least 15 of the 63 data breached involved personal information held by “health service providers”. Health service providers are considered to be any organisation that provides a health service and holds health information.

Every individual whose personal information was breached was supposed to be notified by the entity holding their information, however the OAIC Quarterly Statistics Report: January 2018 - March 2018 did not specifically state that this had occurred. 

No comments: