Data Breaches Reach Three-Year Peak, According to OAIC Report

Data breaches hit a three and a half year peak in the first half of 2024, as per the latest statistics released by the OAIC.

The most notable incident was the MediSecure breach, impacting around 12.9 million Australians—the largest number affected since the start of the Notifiable Data Breaches scheme.

This breach highlights the escalating vulnerability of both private and public sectors to data security threats.

The report revealed that malicious and criminal attacks were the prominent cause of data breaches, making up 67 percent of cases, with 57 percent falling under cyber security breaches.

The health sector and Australian government reported the highest number of breaches, accounting for 19 percent and 12 percent of incidents, respectively.

Australian Privacy Commissioner Carly Kind expressed concern over the daily data breach notifications received by her office, putting Australians at risk of severe harm.

She emphasized the inadequacy of current privacy and security measures in dealing with emerging threats and stressed the need for prioritizing improved security measures.

Kind acknowledged the evolution of the Notifiable Data Breaches scheme over the years, holding organizations to higher standards than before.

She highlighted the Privacy and Other Legislation Amendment Bill 2024 introduced by the Australian government to bolster OAIC’s enforcement capabilities and enhance security obligations for organizations.

Recent major breaches, like the Latitude and Optus incidents, have raised significant concerns about data security in Australia.

The Latitude breach, impacting over 14 million individuals, and the Optus breach, affecting nearly 40 percent of the population, have questioned the adequacy of data security policies and practices in the country.