Breaches reach recent height
Australia is facing an escalating data security crisis, with data breaches reaching a three-and-a-half-year high.
In the first half of 2024, 527 breaches were reported to the Office of the Australian Information Commissioner (OAIC), a nine per cent increase from the previous six months, and the highest since late 2020.
Privacy Commissioner Carly Kind has warned of the growing threat to Australians’ privacy. “Almost every day, my office is notified of data breaches where Australians are at likely risk of serious harm,” she said, noting the potential consequences of identity theft, emotional distress, and even physical harm.
Malicious and criminal attacks made up 67 per cent of all breaches, with 57 per cent linked to cyber security incidents.
The health sector and Australian Government accounted for the most notifications, at 19 and 12 per cent, respectively.
The most significant breach involved MediSecure, impacting 12.9 million people, the largest since the Notifiable Data Breaches scheme began in 2018.
Six years on from the Notifiable Data Breaches scheme's introduction, the OAIC has raised its expectations of organisations.
“We are moving into a new era in which our expectations of entities are higher,” said Kind, pointing to recent enforcement actions against Medibank and Australian Clinical Labs as a clear signal that compliance is not optional.
The report’s release aligns with the government’s proposed Privacy and Other Legislation Amendment Bill 2024.
The Bill aims to strengthen enforcement by introducing higher penalties and clarifying obligations, such as mandatory data encryption and secure system access.
While welcoming the changes, Commissioner Kind stressed that more reform is needed to ensure organisations build the highest security standards into their operations.