NEWS
Malicious attacks most common in finance
BY ELIZA BAVIN  |  FRIDAY, 29 JAN 2021   12:24PM

The finance sector reported the second-largest number of data breaches last year, beaten only by the health sector, according to the Office of the Australian Information Commissioner (OAIC).

The Notifiable Data Breaches Report found the finance sector accounted for 15% of all reported data breaches in the period from July to December 2020.

The health sector remains the highest reporting industry sector, notifying 23% of all breaches.

Financial services, including the superannuation industry, reported 80 breaches for the period, with only 68% of those reported within 30 days of the incident.

Australian Information Commissioner and Privacy Commissioner Angelene Falk said 38% of all data breaches notified during the period were attributed to human error.

"In the past six months, we saw an increase in human error breaches both in terms of the total number of notifications received - up 18% to 204 - and proportionally - up from 34% to 38%," Falk said.

"The human factor is also a dominant theme in many malicious or criminal attacks, which remain the leading source of breaches notified to my office."

Malicious or criminal attacks were the most common source within the finance sector, comprising 66% of data breaches reported by the sector. Human error was the source of 28% of data breaches within the finance sector.

"Organisations need to reduce the risk of a data breach by addressing human error - for example, by prioritising training staff on secure information handling practices," Falk said.

Additionally, of the top five industry sectors, the finance sector reported the most breaches resulting from system faults.

The OAIC received 539 data breach notifications from July to December 2020, an increase of 5% on the previous six months (512).

Falk said the OAIC is also calling for entities to have effective systems in place for responding to data breaches.

"Being prepared for a data breach is important for all entities that handle personal information. Entities must have effective systems for detecting, containing, assessing, notifying and reviewing data breaches," Falk said.

"Critically, they need to provide individuals with clear and timely information about data breaches, including recommendations on steps they can take to protect themselves from harm. Any unnecessary delay in providing this information undermines the purpose of the Notifiable Data Breaches scheme."

