The latest Notifiable data breaches report released by the Office of the Australian Information Commissioner (OAIC) revealed the first six months of 2024 had seen the largest number of data breaches in three-and-a-half years.
From January to June this year, the OAIC were notified of 527 breaches, a nine per cent increase from the previous six months and the highest number of notified data breaches since the July to December 2020 period.
The latest report also showed Health and the Australian Government were responsible for notifying the highest number of data breaches across all sectors, accounting for 19 per cent and 12 per cent respectively.
As in previous reports, ‘malicious and criminal attacks’ remained the top cause of data breaches (67 per cent), with 57 per cent of those also recorded as cyber security incidents.
“Almost every day, my office is notified of data breaches where Australians are at likely risk of serious harm. This harm can range from an increase in scams and the risk of identity theft to emotional distress and even physical harm,” Australian Privacy Commissioner, Carly Kind, said.
“Privacy and security measures are not keeping up with the threats facing Australians’ personal information and addressing this must be a priority.”
The MediSecure data breach, which affected 12.9 million Australians, was the largest privacy issue recorded since the Notifiable Data Breaches scheme came into effect six years ago.
“The Notifiable Data Breaches scheme is now mature, and we are moving into a new era in which our expectations of entities are higher,” Kind said.
“Our recent enforcement action, including against Medibank and Australian Clinical Labs, should send a strong message that keeping personal information secure and meeting the requirements of the scheme when a data breach occurs must be priorities for organisations.
“Our priority is ensuring compliance with the law, and we will help organisations achieve this through education and articulating what ‘good’ looks like.”
The report also follows the Australian Government’s announcement that it would overhaul the country’s existing privacy law through the Privacy and Other Legislation Amendment Bill 2024, granting the OAIC stronger enforcement and infringement powers and clarifying important security requirements for organisations.
“We would like to see all Australian organisations be required to build the highest levels of security into their operations to protect Australians’ personal information to the maximum extent possible,” Kind said.