Cyber Criminals “King of the (Data Breach) Jungle”: 61% of all Data Breaches caused by Malicious or Criminal Attacks, according to OAIC Report

By Cameron Abbott, Keely O’Dowd and Max Evans

The Office of the Australian Information Commissioner (OAIC) has released its report on notifications received under the Notifiable Data Breaches scheme for period January to June 2020.

The OAIC reported 518 breaches were notified to it in the relevant period. The OAIC noted a 3% decrease from the 532 breaches notified in the period July 2019 to December 2019. However, there was a 16% increase on the 447 notifications received during January to June 2019.

The Report noted that malicious or criminal attacks, being attacks deliberately crafted to exploit known vulnerabilities for gain, accounted for 317 (61%) of the 518 total breaches during the relevant period. The majority of these “cyber incidents” were linked to malicious actors gaining access to accounts through:

  • phishing attacks or by using compromised account details (133 notifications)
  • ransomware attacks (33 notifications), and
  • hacking (29 notifications) representing additional methods used by perpetrators. 

It is interesting to see the OAIC saw an uptick in data breaches resulting from malicious actors. Since the outbreak of COVID-19, we are seeing a range of COVID-19 related scams and criminal activity, including an increase in ransomware attacks Organisations should continue to remain vigilant against malicious cyber activity by adopting technical and non-technical risk mitigations, such as running staff training, implementing two factor authentication, regularly backing up data, reviewing information security practices and data breach planning and response procedures.

Copyright © 2019, K&L Gates LLP. All Rights Reserved.