Skip to main content

The ACSC urges organisations to step up efforts to protect themselves from cyber criminals, after the December quarter Notifiable Data Breaches Quarterly Statistics Report revealed an increase in reported malicious or criminal activity.

The Office of the Australian Information Commissioner (OAIC) report found that malicious or criminal activity was the leading cause of data breaches in the quarter at 64 per cent of notifications, an increase from the previous quarter's 57 per cent.

'This OAIC report is a further reminder that Australia's commercial secrets are an attractive target for cyber criminals, and compromised credentials can be an easy way in,' said Alastair MacGibbon, Head of the ACSC.

'Many cyber incidents in this quarter appear to have exploited vulnerabilities involving a human factor, such as clicking on a phishing email and disclosing passwords,' Mr MacGibbon said.

The ACSC has worked with the OAIC to provide prevention strategies for organisations and agencies.

'There is no room for complacency, as we saw in December when the Australian Government confirmed the global hack of Manager Service Providers (MSPs), including Australian organisations. In response, we are rolling out a new information sharing program at our Joint Cyber Security Centres (JCSCs) around the country to help strengthen defences.

'We again urge MSPs to sign up to this program, to demonstrate their commitment to protecting themselves and their customers.'

The OAIC Notifiable Data Breaches released today captured notifications received from October to December 2018 under the Australian Government's Notifiable Data Breaches (NDB) scheme.

Under the scheme, organisations and agencies regulated under the Privacy Act must notify individuals and the OAIC when data breaches are likely to result in serious harm.

Malicious or criminal attacks accounted for 168 data breaches this quarter, while human error accounted for 85 data breaches. System faults accounted for nine breaches.

Malicious or criminal attacks differ from human error breaches in that they are deliberately crafted to exploit known vulnerabilities for financial or other gain.

For more information, read the December quarter Notifiable Data Breaches Quarterly Statistics Report and read advice available on the OAIC website.