The Office of the Australian Information Commissioner (OAIC) has released its Notifiable Data Breaches Report for January to June 2022

The Office of the Australian Information Commissioner (OAIC) has released its Notifiable Data Breaches Report for January to June 2022.

Australian Information Commissioner and Privacy Commissioner Angelene Falk said the widespread attention on data breaches and statistics for January to June 2022 show areas for ongoing attention.

The OAIC’s twice-yearly reports draw out the industry sectors that report the most breaches, the sources of breaches and areas for improved practice.

The latest report shows the OAIC was notified of 396 data breaches from January to June 2022.

Forty-one per cent of breaches (162 notifications) resulted from cyber security incidents, of which the most common cause was ransomware (51 notifications).

The health sector remains the highest reporting industry sector notifying 20% of all breaches, followed by finance (13%).

You can read the report and the media release on the OAIC website.


Key statistics

·      396 breaches were notified under the scheme, a decrease of 14% compared with 460 notifications in July to December 2021.

·      Malicious or criminal attacks remain the leading source of breaches, accounting for 250 notifications (63% of the total), down 1% in number from 253.

·      Data breaches resulting from human error accounted for 131 notifications (33% of the total), down 31% in number from 189.

·      The health sector remains the highest reporting industry sector notifying 20% of all breaches, followed by finance (13%).

·      Contact information remains the most common type of personal information involved in breaches.

·      91% of breaches affected 5,000 individuals or fewer, while 65% affected 100 people or fewer.

·      71% of entities notified the OAIC within 30 days of becoming aware of an incident.