10 Million Australians Implicated in a Single Cyber Attack: OAIC
More than 10-million Australians had their data compromised in a single incident, according to the latest statistics from the OAIC; for reference, the current population of Australia is roughly 25 million- meaning a single data breach hit nearly 40% of Australia’s total population.
The figures have been made public by the Office of the Australian Information Commissioner in its “Notifiable Data Breaches Quarterly Statistics” report, which showed that in the three months between the 1st of January and March 31st, a total of 215 data breach notifications were received by the office; down from 262 that were reported in the previous quarter.
However, the number of Australian citizens implicated in data breaches has ballooned thanks to a single data breach that saw the data of 10 million individuals compromised. Specifics are not known of this widespread attack targeting a range of data from contact to financial, health, tax and even identity information of those caught in its crosshairs.
As ZDNet’s Asha Barbaschow points out, “while the report did not detail the origin of the breach that affected over 10 million individuals,, it did show that the most number of affected individuals from a single finance-related breach was less than 500,000 and the health sector’s three heaviest impacting breaches affected less than 5,000 individuals each.”
Of the 215 data breaches, the OAIC has defined 131 - or 61% - of the attacks as malicious or criminal attacks, which are made up by as cyber incidents like phishing, malware, ransomware, brute-force attacks- even compromised or stolen credentials.
A further 75 data breaches were attributed to human error, while nine breaches were classified as system faults, and 18 breaches were attributed to the theft of paperwork and or storage devices.
“Where human error was concerned,” according to Barbaschow, “the report shows that in 23 cases, the personal information of individuals was email to an incorrect email address. The unauthorised disclosure, such as incorrect release or publication, accounted for 21 of the human error-related incidents -- affecting an average of 36,993 individuals per data breach.”
Running somewhat contrary to the requirements of the GDPR legislation in Europe, “The OAIC said this is the last time the office will report on the NDB Scheme quarterly, with the commissioner to move to releasing information every six months instead.It follows concerns the OAIC is too under resourced to handle its current remit,” according to ZDNet.