Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

NSW IPC reports government, councils and universities suffered 52 data breaches in 7 months

NSW universities, government agencies, and councils collectively reported 52 data breaches in the seven months ending in June of this year, resulting in more to be done to bolster cyber security.

user icon Daniel Croft
Fri, 04 Oct 2024
NSW IPC reports government, councils and universities suffered 52 data breaches in 7 months
expand image

The numbers were recorded as part of the first reporting period of the state’s Mandatory Notification of Data Breach (MDBN) Scheme, with 34 impacting government agencies, nine impacting councils, and nine impacting universities, three of which impacted over 5,000 people.

Of those affecting government agencies, roughly four out of five (79 per cent) were the result of human error, while the remaining 20 per cent were the result of threat actors and cyber attacks.

Additionally, roughly one-third took between one to six months to inform the Information and Privacy Commissioner (IPC) NSW. Agencies are required to notify the IPC within 30 days, or submit a written extension if more than 30 days are needed to assess the breach.

============
============

For data breaches affecting universities, almost half (44 per cent) of the breaches were the result of cyber attacks and malicious incidents.

The IPC published its findings earlier this week (2 October) regarding the latest reporting period and said that while the numbers were generally average, besides a sharp increase in May and June, more needed to be done.

“The overall number of notifications received in the first seven months of the MNDB Scheme was moderate, although the results show early indications of an increase in notifications towards the end of the reporting period,” said the IPC, adding that as the MNDB scheme matures, it expects the number of notifications to reflect that.

“Investment to uplift ICT security and staff capability are key to improving the safety and security of personal information held by agencies.”

The IPC also said that agencies should develop and maintain data breach policies and ensure that they are ready to respond “in a timely, effective and efficient manner that succeeds in limiting the harm to individuals”.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.