Newly released figures reveal that millions of Australians are believed to have been affected by data breaches in the three months to 30 June.
For the second quarter running the Office of the Australian Information Commissioner’s report on the Notifiable Data Breaches (NDB) scheme has included a breach affecting “10,000,001 or more” people.
The OAIC report notes that the figure “reflects the number of individuals worldwide whose personal information was compromised in this data breach, not only individuals in Australia, as estimated by the notifying entity”.
The latest NDB report also includes one breach affecting 250,001-500,000 individuals, and two affecting 100,000-500,000 people.
A high-profile breach revealed during the reporting period involved 19 years of Australian National University information relating to staff, students and visitors. ANU’s administration in June said it had been hacked by “sophisticated operator”.
The university said that data obtained during the breach included names, addresses, phone numbers, dates of birth, emergency contact details, Tax File Numbers, payroll information, bank account details, student academic records, and student academic transcripts.
The Australian Catholic University also in June revealed details of a smaller scale data breach.
In total the OAIC received 245 breach notifications during the quarter, compared to 215 in the prior quarter.
The OAIC said that during the period around a third of the data breaches reported to it involved compromised credentials.
“The fact that there is a human factor involved in so many cases demonstrates the need for staff training to increase awareness of cyber risks and to take the necessary precautions,” said Australian Information Commissioner and Privacy Commissioner Angelene Falk in a statement.
The majority – 62 per cent – of breaches related to malicious or criminal attacks, the OAIC report revealed.