Share this article on:
NSW universities, government agencies, and councils collectively reported 52 data breaches in the seven months ending in June of this year, resulting in more to be done to bolster cyber security.
The numbers were recorded as part of the first reporting period of the state’s Mandatory Notification of Data Breach (MDBN) Scheme, with 34 impacting government agencies, nine impacting councils, and nine impacting universities, three of which impacted over 5,000 people.
Of those affecting government agencies, roughly four out of five (79 per cent) were the result of human error, while the remaining 20 per cent were the result of threat actors and cyber attacks.
Additionally, roughly one-third took between one to six months to inform the Information and Privacy Commissioner (IPC) NSW. Agencies are required to notify the IPC within 30 days, or submit a written extension if more than 30 days are needed to assess the breach.
For data breaches affecting universities, almost half (44 per cent) of the breaches were the result of cyber attacks and malicious incidents.
The IPC published its findings earlier this week (2 October) regarding the latest reporting period and said that while the numbers were generally average, besides a sharp increase in May and June, more needed to be done.
“The overall number of notifications received in the first seven months of the MNDB Scheme was moderate, although the results show early indications of an increase in notifications towards the end of the reporting period,” said the IPC, adding that as the MNDB scheme matures, it expects the number of notifications to reflect that.
“Investment to uplift ICT security and staff capability are key to improving the safety and security of personal information held by agencies.”
The IPC also said that agencies should develop and maintain data breach policies and ensure that they are ready to respond “in a timely, effective and efficient manner that succeeds in limiting the harm to individuals”.