There have been 63 notifiable data breaches (NDBs) reported to the Office of the Australian Information Commissioner (OAIC) since mandatory reporting began on 22 February 2018.
The finance sector was the third-highest reporter of NDBs, with eight in total. Health service providers reported 15 breaches in total, while the legal/accounting and management sector accounted for 10.
Thirty per cent of the 63 NDBs involved breaches of financial details, while the majority (78 per cent) also included contact information (such as name, email address, home address or phone number).
Just over half (32) of the 63 NDBs were the result of human error, while 28 were the result of "malicious or criminal attack", according to the OAIC report.
"Malicious or criminal attacks usually involve the theft of personal information, or cyber security incidents resulting from unauthorised access to an entity’s systems," said the report.
Seventy-three per cent of eligible data breaches reported involved the personal information of under 100 individuals.
Three of the breaches affected between 10,000 and 99,999 people, according to the OAIC.
APRA made it clear to super fund trustees in March 2018 that they are responsible for the data security of their service providers.