According to the latest Notifiable Data Breaches Quarterly Statistics Report by the Office of the Australian Information Commissioner (OAIC), there were 36 notifications of data breaches across financial entities such as banks, wealth managers, financial advisers and super funds between 1 April to 30 June 2018.
In the April quarter, only eight notifiable breaches were recorded to the OAIC, representing a 400 per cent increase in data breaches in the last three months.
A quarter (9) of the 36 breaches affected the personal information of only one person, but five breaches involved the information of between 1,001 to 5,000 individuals each.
Eight of the breaches affected potentially up to 100 individuals each, and seven of the 36 breaches impacted anywhere between 101 to 1,000 individuals each.
In April, the finance sector was third on the list ranked by industries most compromised by breaches – but in June the sector rose to second, behind only the health providers sector which received 49 data breaches.
In the finance sector, half (18) of the breaches recorded this quarter were due to human error, 47 per cent (17) to malicious or criminal attacks, and 3 per cent (1) to system faults.
Source: OAIC
“The largest source of data breaches from the finance sector was human error (50 per cent), with examples including sending personal information to the wrong recipient by email (6 notifications) or mail (3 notifications), and unintended release or publication of personal information (3 notifications),” the report said.
Furthermore, when ‘malicious or criminal attacks’ was broken down, ‘cyber incidents’ constituted the most common type of attack.
Source: OAIC
In March 2018, APRA released a draft prudential guide outlining that the security of outsourced business activities must be subject to “appropriate due diligence, approval and ongoing monitoring” by superannuation trustees.