OAIC: Malicious and Criminal Attacks Cause Most Data Breaches
Malicious or criminal actors caused six in ten data breaches notified to the Office of the Australian Information Commissioner, it said Monday.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
Malicious or criminal attacks include breaches arising from cyberincidents, rogue employees/ insider threats, social engineering/impersonation, and paperwork or data storage devices being stolen, the DPA said. The office said 58% of the breaches involved cybersecurity incidents, of which phishing was the most common. Nearly half of all cyberincidents involved compromised credentials; 25% of attacks involved social engineering/impersonation.
The threat of data breaches is unlikely to diminish, so the office wants to keep organizations armed with data to help them secure their information and ensure they have appropriate breach action plans, said Privacy Commissioner Carly Kind.
In November, the DPA launched a Notifiable Data Breach dashboard to provide information (see 2511040011).