Data breaches in Australia are their highest level in more than three years and jumped almost 10 percent in the first six months of this year.
New statistics from the Office of the Australian Information Commissioner (OAIC) show the number of data breaches notified to the regulator in the first half of 2024 was at its highest in three and a half years.
Australian Privacy Commissioner Carly Kind said the OAIC was notified of 527 data breaches from January to June 2024.
Commissioner Kind said this was the highest number of notifications since July to December 2020 and an increase of nine percent from the second half of 2023.
“Almost every day, my office is notified of data breaches where Australians are at likely risk of serious harm. This harm can range from an increase in scams and the risk of identity theft to emotional distress and even physical harm,” she said.
“Privacy and security measures are not keeping up with the threats facing Australians’ personal information and addressing this must be a priority.”
Commissioner Kind said the MediSecure data breach notified in the period affected approximately 12.9 million Australians, the largest number of Australians affected by a breach since the Notifiable Data Breaches scheme came into effect six years ago.
“Similar to previous reports, malicious and criminal attacks are the main source of breaches (67 percent), with 57 percent of those cyber security incidents.”
She said the health industry and the Australian Government notified the most data breaches of all sectors (19 percent and 12 percent respectively), highlighting both the private and public sectors were vulnerable.
“The Notifiable Data Breaches scheme is now mature, and we are moving into a new era in which our expectations of entities are higher,” Commissioner Kind said.
“Our recent enforcement action, including against Medibank and Australian Clinical Labs, should send a strong message that keeping personal information secure and meeting the requirements of the scheme when a data breach occurs must be priorities for organisations.”
She said the OAIC would continue to take a proportionate approach to enforcement and was also focused on providing guidance to help organisations comply with their obligations, reflected in changes to the latest report.
