Australian government agencies reported 34 data breaches over the last six months, with the majority taking longer than a month to put it on the record.
The government was once again among the top five sectors to notify data breaches to the Office of the Australian Information Commissioner, the latest OAIC report shows.
Only 71 per cent of government agencies identified an incident within 30 days of it occurring, and sixty-five per cent took longer than a month to report an incident after becoming aware of it.
Government notifications were among a total of 446 reported over the last six months. Health service providers accounted for the greatest number of notifications (85), followed by finance (57), legal, accounting and management services (35) and insurance (34).
Malicious and criminal attacks are the main cause of data breaches for all sectors except government, where human error was the cause of 74 per cent of notified data breaches, continuing a theme from the previous report.
The report shows that 25 of the 34 government breaches notified were the result of human error, including eight cases where private information was sent to the wrong person.
Other human error breaches included the accidental release or publication of data, while malicious breaches included phishing, stolen credentials and hacking.
Need for vigilance
Although the government’s human error breaches were down from 88 per cent in the last report, Australian Information Commissioner and Privacy Commissioner Angelene Falk said government agencies need to remain vigilant.
“Human error remains a major source of data breaches,” she said in a statement.
“Let’s not forget the human factor also plays a role in many cyber security incidents, with phishing being a good example.
“Organisations can reduce the risk of human error by educating staff about secure information handling practices and putting technological controls in place.”
Overall, data breach notifications to the OAIC were down 16 per cent from the reporting period.
Ninety-three per cent of breaches involved information about fewer than 5,000 people.
Comment below to have your say on this story.
If you have a news story or tip-off, get in touch at firstname.lastname@example.org.
Sign up to the Government News newsletter