Are Data Breaches Decreasing In Numbers?

Data breaches are a big problem for businesses large and small. Last year, there were 964 breaches reported to the OAIC under the NDB scheme. NDB is short for Notifiable Data Breaches.

Under the Notifiable Data Breaches (NDB) scheme, any organisation or agency the Privacy Act 1988 covers must notify affected individuals and the OAIC when a data breach is likely to result in serious harm to an individual whose personal information is involved.

A data breach occurs when personal information an organisation or agency holds is lost or subjected to unauthorised access or disclosure. For example, when:

  • a device with a customer’s personal information is lost or stolen
  • a database with personal information is hacked
  • personal information is mistakenly given to the wrong person

The notification to individuals must include recommendations about the steps they should take in response to the data breach. You should notify the OAIC using its online Notifiable Data Breach form.

In the January to March quarter of 2019, there were 215 data breach incidents reported under the NDB scheme. This shows a 14 percent decrease from the number of incidents reported in October through December of 2018. The number of incidents reported during this late-year period of 2018 was 262. That number of notifications seems unusually high when compared to previous quarters.

For example, the April to June quarter had 242 reported data breach incidents. In the July through September quarter, there were 254 data breaches reported. All of these quarters were in 2018. Even considering these numbers, there is still a stark decrease in the number of reported incidents when comparing these quarters to the first quarter of 2019.

Most IT support professionals will look at these number comparisons and conclude that data breaches are happening less often to businesses throughout Australia. This is too quick a judgment, as more factors need to be taken into account. For example, the reporting of these data breaches is voluntary. So, it’s completely possible that those who reported data breaches in the past have simply chosen not to continue with their regular reporting of the data breaches they experience. Any sort of managed services business should be reporting its data breaches under the NDB scheme to help keep the numbers accurate.

Most IT support professionals will want to have more data on the matter. While a new quarterly report would be extremely helpful for understanding where the number of data breaches stands for the second quarter of 2019, that’s not possible. The Office of the Australian Information Commissioner, or OAIC for short, has moved to only releasing reports bi-annually. Therefore, the next report won’t be released until July.


Specific Trends To Take Notice Of

When looking at the actual types of attacks that were experienced by businesses, the first quarter of 2019 showed more smaller-scale, targeted attacks. Most of the data breaches reported during the beginning of the year involved the personal information of about 100 individuals. That accounts for about 68 percent of the overall data breaches experienced throughout the start of this year.

Understanding the known cause of a data breach is also important. For the beginning of this year, causes were mainly noted in three different categories. The first was malicious breaches, which made up about 60 percent of all the reported data breaches. About 35 percent of the breaches were attributed to human error. About four percent of the breaches were system faults. Phishing was one of the big contributors to the data breaches.

When it comes to explaining the human error category of the data breaches, it’s been shown that the majority of it occurred in the medical healthcare field. The healthcare sector reported around 30 breaches that were a result of human error. The remaining 28 were split between 26 malicious attacks and 2 system fault breaches. While it may not seem like an overly big breach of data with these numbers, it’s important to note that just 21 of the breaches reported affected 37,000 people. That’s a lot of people being affected by one data breach.

Apart from healthcare services, there were data breaches in many other industries. Financial services came in at 27 total breaches. The accounting sector totaled 23 breaches. Education came in with 19, and the retail sector showed 11 data breaches reported. The most common information stolen in these data breaches was contact information, which accounted for 186 of the reported attacks. Financial details were obtained in 98 of the breaches, while 63 of them involved healthcare information.

With all this reported information, it’s clear that data breaches are still a problem. While the number of reported breaches has declined since the beginning of 2019, there are still several factors that go into determining whether or not data breaches have officially slowed down. One thing is for sure: there is still a need for heightened digital security.