Cyber security incidents impact data breach risk – OAIC

Several large-scale data breaches impacted millions of Australians’ personal information in the second half of 2022, as part of a 26% increase in breaches overall, according to the latest Notifiable data breaches report released today.
Australian Information Commissioner and Privacy Commissioner Angelene Falk said cyber security incidents in particular can have significant impacts on individuals, and organisations need to be alert to the risks.
“We saw a significant increase in data breaches that impacted a larger number of Australians in the second half of 2022,” she said.
“Cyber security incidents continue to have a significant impact on the community and were the cause of the majority of large-scale breaches.”
Thirty-three of the 40 breaches that affected over 5,000 Australians were the result of cyber security incidents.
“Organisations should take appropriate and proactive steps to protect against and respond to a range of cyber threats,” Commissioner Falk said.
“This starts with collecting the minimum amount of personal information required and deleting it when it is no longer needed.”
Commissioner Falk said organisations need to be vigilant as large-scale compromises of personal information may lead to further attacks.
“As personal information becomes increasingly available to malicious actors through breaches, the likelihood of other attacks, such as targeted social engineering, impersonation fraud and scams, can increase.
“Organisations need to be on the front foot and have robust controls, such as fraud detection processes, in place to minimise the risk of further harm to individuals,” she said.
The Office of the Australian Information Commissioner has clear expectations of best practice with regard to data breach preparation and response, to ensure individuals are protected from harm.
“In response to a breach, organisations need to provide information to individuals that is timely and accurate.
“As well as setting out the kinds of information breached, the notification must include recommendations about clear steps people should take in response,” said Commissioner Falk.
The reporting period also saw the enactment of the Privacy Legislation Amendment (Enforcement and Other Measures) Act 2022. Among other things, the Act:
“While we will continue to work with organisations to facilitate voluntary compliance, we will use these regulatory powers where required to ensure compliance with the Notifiable Data Breaches scheme,” said Commissioner Falk.
“We also welcome the further proposals to strengthen the Notifiable Data Breaches scheme in the Attorney-General’s Department’s Privacy Act review report.”
Read the Notifiable data breaches report July to December 2022.
