So-called “mega-breaches” reported in Australia have risen to an alarming two every month, according to new research.
A new study of notifiable data breaches reported to the Office of the Australian Information Commissioner (OAIC) has revealed that “mega-breaches” have gone from happening less than once a year to two every month.
Australian security firm StickmanCyber’s The Rise of Australian Mega Data Breaches report studied every notifiable data breach report made to the OAIC since it was formed, with a particular focus on breaches affecting one million people or more.
StickmanCyber requested the details of more than 6,000 reports from the OAIC through a freedom of information request and provided its own analysis.
The research found that mega-breaches impacting Australians occurred just twice in the period between the beginning of 2018 and the end of 2021. However, over the next 24 months to the end of 2023, there were 12 such breaches.
“Like the stock market, we expect national data breach figures to rise steadily over the long term, with little fluctuations along the way,” StickmanCyber CEO Ajay Unni said in a statement.
“For mega-breaches to increase so much, so fast, is cause for concern. The problem is that there are now more companies with more data on Australian residents than ever. When they are breached, we are accustomed to the contact, payment, and identification details of millions of people falling into the wrong hands. But we should never accept this as the status quo. Businesses have to do better, or they must leave our data alone.”
StickmanCyber also found that breaches involving more than 1,000 were on the rise. Smaller breaches such as these have risen 40 per cent over the OAIC’s reporting period.
While the company believes that breaches are generally under-reported in Australia, different sectors respond to them very differently. For instance, the Australian government can be slow to report, taking 30 or more days to report a breach, while the finance and healthcare sectors report the most data breaches.
“The report also shows how different industries diverge on data breach response. The Australian public sector is notably poor at both identifying and responding to breaches in a timely fashion. But at least the public sector is reporting to the OAIC. The data suggests that underreporting is a chronic issue in the private sector. There are suspiciously few breaches in many industries like retail, which we know collect large volumes of data and struggle to protect it,” Unni said.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.