10th Mar 2020

Data security breaches increasing, finance and health hit, according to new report

Managing data security continues to be a headache for companies worldwide, with UK high street retailer Boots suspending loyalty card payments last week after attackers attempted to break into customer accounts. That attack came only days after a similar issue had affected some 600,000 Tesco loyalty cardholders.

In Australia, data breaches are also continuing to increase, according to the latest report from the Office of the Australian Information Commissioner (OAIC) under the Notifiable Data Breaches (NDB) scheme.

Data breaches increase by 19%

According to this latest report, 537 breaches were reported from July to December 2019, up 19% from 460 in the previous six months. Malicious or criminal attacks remain the leading cause of data breaches, accounting for 64% of all notifications. Data breaches resulting from human error account for 32% of all breaches. Contact information remains the most common type of personal information involved in a data breach.

Health and finance worst hit

The health sector reported more data breaches than any other sector, accounting for 22% of all breaches. Finance is the second-highest reporting sector, notifying 14% of all breaches.

About the Notifiable Data Breaches report

This latest report captures notifications made under the scheme from 1 July 2019 to 31 December 2019. The Notifiable Data Breaches (NDB) scheme was established in February 2018 to improve consumer protection and drive better security standards for protecting personal information and managing data security.

This is the first statistical report on the NDB scheme to cover a six-month period. The report tracks the leading causes and sources of data breaches. It also highlights emerging issues and areas for ongoing attention by entities entrusted with personal information.

Summary of findings for the July to December 2019 report
  • 537 breaches were notified under the scheme, up from 460 in the previous six months
  • Malicious or criminal attacks (including cyber incidents) remain the leading cause of data breaches, accounting for 64% of all notifications
  • Data breaches resulting from human error account for 32% of all breaches, down from 34% in the last reporting period
  • The health sector is again the highest reporting sector, notifying 22% of all breaches
  • Human error caused 43% of data breaches in the health sector, compared to an average of 32% of all notifications
  • Finance is the second-highest reporting sector, notifying 14% of all breaches
  • Most data breaches affected fewer than 100 individuals, in line with previous reporting periods
  • Contact information remains the most common type of personal information involved in a data breach.

What is an eligible data breach?

Under the NDB scheme, a data breach is an ‘eligible data breach’ where:

  • there is unauthorised access to or unauthorised disclosure of personal information (or the information is lost in circumstances where unauthorised access to, or unauthorised disclosure of, the information is likely to occur)
  • a reasonable person would conclude it is likely to result in serious harm to any of the individuals whose personal information was involved in the data breach, and
  • the entity has not been able to prevent the likelihood of serious harm through remedial action.

Managing the risk

PCI DSS (Payment Card Industry Data Security Standard) certification is considered the highest standard of data security in Australia and is used by banks and other major financial institutions where payment card data, such as credit card numbers, are held or used. Working with a number of Australia’s largest financial bodies, mmw3degrees holds PCI DSS certification.

Because PCI DSS certification is hard to achieve and too expensive for many smaller suppliers, it can be challenging to find a mailing house or marketing automation company managing data security in this way.

Protecting customer data is not only a legislative requirement, it’s essential to preserve the trust of the customer. According to a recent survey carried out by Cisco, 84% of respondents said they care about privacy and data security management and 48% said they have switched companies over their data policies or practices.

mmw3degrees is proud to be able to provide our customers with this standard of data security management. Successfully participating in more than six client Information Security and Risk audits per year, we also ensure we stay ahead of changes to regulations and compliance, communicating to our clients in advance and assisting with change management.

Read more about our data services here, or simply contact us for more information.

About the author: Juliet McGuiness is Governance, Risk and Compliance Specialist at mmw3degrees as well as being a nature lover and motoring enthusiast. You can read more about Juliet here.