The Office of the Australian Information Commissioner (OAIC) has released its second quarterly report of notifiable data breaches. This report is of particular significance as it, unlike the first “quarterly” report, covers a full quarter and therefore depicts a more accurate account of data breaches over a calendar quarter.

The report revealed that OAIC received 242 notifications of data breaches, up from 63 in the first quarterly report. Of note, this quarterly figure is more than double the entire number of notifications for the 2016-17 financial year, when notification of data breaches was voluntary.

Some interesting figures from the OAIC’s report are as follows:

• 20% of notifications were from health service providers, 15% of notifications from the finance sector, and legal, accounting and management services sector accounted for 8% of notifications;
• 89% of data breaches involved individual’s contact details, 49% involved financial details, 39% involved identity details, 25% involved health details, 19% involved tax file numbers, and 7% involved other types of personal information;
• 59% of data breaches were due to malicious or criminal attack, with 36% due to human error, and 5% due to system faults.

Of the 242 data breaches, 51 affected only one individual – but 6 affected more than 10,000 individuals.