There has been a 25 per cent increase in government agency data breaches – the highest number reported to date, says the national privacy regulator.
Statistics for July to December 2024 show the Office of the Australian Information Commissioner received notification from governments and businesses of 595 data breaches, ending the year with 1,113 notifications – a 25 per cent increase from 893 in 2023 and the highest annual total since the mandatory reporting scheme commenced in 2018.
“The trends we are observing suggest the threat of data breaches – especially through the efforts of malicious actors – is unlikely to diminish, and the risks to Australians are only likely to increase,” Australian Privacy Commissioner Carly Kind said.
Businesses and government agencies need to step up privacy and security measures to keep pace with the growing threats, added Kind. “Australians trust businesses and government agencies with their personal information and expect it to be treated with care and kept secure.”
Malicious and criminal attacks are the main source of the breaches, accounting for 69 per cent of notifications in the second half of 2024 with 61 per cent of those being cybersecurity incidents, says the OAIC report.
Health service providers and the Australian Government again reported the most data breaches of all sectors – 20 per cent and 17 per cent respectively.
The OAIC report also shows – despite some improvement – the public sector continuing to lag behind the private sector in the time taken to identify and report data breaches to the independent regulator.
“Time is of the essence with data breaches as the risk of serious harm often increases as days pass,” Kind said. “Timely notification ensures people are informed and can take steps to protect themselves.”
In addition to the report, the OAIC has published a blog post that draws attention to common attack methods such as phishing and impersonation that organisations and agencies need to be aware of and protect against.
“Individuals often don’t have a choice but to provide their personal information to access government services,” Kind said. “This makes it even more important that agencies keep personal information secure and have an action plan in place should a breach occur.”
Leave a Reply