Five data breaches in six months hit millions of Australians

Three data breaches in the second half of last year compromised the private information of millions of Australians in addition to the enormous Medibank and Optus cyberattacks that triggered public outrage.

Figures released on Wednesday by the Office of the Australian Information Commissioner show five breaches affected between 1 million and 10 million Australians between July and December 2022.


The figures do not name the entities breached or the exact size of each breach, but confirm a sharp rise in major cyberattacks and privacy breaches in Australia. The total number of incidents reported to the commissioner was up 26 per cent over the previous period, while the number of breaches that affected more than 5000 Australians rose 67 per cent to 40.

Along with Medibank and Optus, Woolworths’ subsidiary MyDeal disclosed a breach affecting an estimated 2.2 million people in October last year. The breaches could also include incidents at overseas companies that affected Australians.

Criminal attacks accounted for 70 per cent of breaches, with the rest a result of problems such as human error and system faults. The healthcare, finance, insurance, professional services and recruiting industries reported the most breaches, in that order.

Data breaches have to be reported to the commissioner’s office when a company, group or government entity loses control of personal information in a way that is likely to result in serious harm that cannot immediately be remediated.

Commissioner Angelene Falk said cyber incidents were having a serious effect on the community.

“Organisations should take appropriate and proactive steps to protect against and respond to a range of cyber threats,” Falk said in a statement. “This starts with collecting the minimum amount of personal information required and deleting it when it is no longer needed.”

Her office’s report noted that the increased number of incidents disclosed could also be a product of greater awareness that breaches have to be reported.

The federal government has increased fines since the Optus and Medibank breaches last year and is considering banning ransom payments, or requiring them to be reported, to stop Australia being a honeypot for hackers.

More to come.
