Five data breaches in six months hit millions of Australians

Three data breaches in the second half of last year compromised the private information of millions of Australians in addition to the enormous Medibank and Optus cyberattacks that triggered public outrage.

Figures released on Wednesday by the Office of the Australian Information Commissioner show five breaches affected between 1 million and 10 million Australians between July and December 2022.

The figures do not name the entities breached or the exact size but confirm a sharp rise in major cyberattacks and privacy breaches in Australia. The total number of incidents reported to the commissioner was up 26 per cent over the previous period while the number of breaches that affected more than 5000 Australians rose 67 per cent to 40.

Along with Medibank and Optus, Woolworths’ subsidiary MyDeal disclosed a breach affecting an estimated 2.2 million people in October last year. The breaches could also be from overseas companies that affected Australians.

Criminal attacks accounted for 70 per cent of breaches, with the rest a result of problems such as human error and system faults. The healthcare, finance, insurance, professional services and recruiting industries reported the most breaches, in that order.

Loading

Data breaches have to be reported to the commissioner’s office when a company, group or government entity loses control of personal information that is likely to result in serious harm that cannot immediately be remediated.

Commissioner Angelene Falk said cyber incidents were having a serious effect on the community.

“Organisations should take appropriate and proactive steps to protect against and respond to a range of cyber threats,” Falk said in a statement. “This starts with collecting the minimum amount of personal information required and deleting it when it is no longer needed.”

Three data breaches in the second half of last year compromised the private information of millions of Australians in addition to the enormous Medibank and Optus cyberattacks that triggered public outrage.

Figures released on Wednesday by the Office of the Australian Information Commissioner show five breaches affected between 1 million and 10 million Australians between July and December 2022.

The figures do not name the entities breached or the exact size but confirm a sharp rise in major cyberattacks and privacy breaches in Australia. The total number of incidents reported to the commissioner was up 26 per cent over the previous period while the number of breaches that affected more than 5000 Australians rose 67 per cent to 40.

Along with Medibank and Optus, Woolworths’ subsidiary MyDeal disclosed a breach affecting an estimated 2.2 million people in October last year. The breaches could also be from overseas companies that affected Australians.

Criminal attacks accounted for 70 per cent of breaches, with the rest a result of problems such as human error and system faults. The healthcare, finance, insurance, professional services and recruiting industries reported the most breaches, in that order.

Loading

Data breaches have to be reported to the commissioner’s office when a company, group or government entity loses control of personal information that is likely to result in serious harm that cannot immediately be remediated.

Commissioner Angelene Falk said cyber incidents were having a serious effect on the community.

“Organisations should take appropriate and proactive steps to protect against and respond to a range of cyber threats,” Falk said in a statement. “This starts with collecting the minimum amount of personal information required and deleting it when it is no longer needed.”