A few days following the publication of the study postulating that 2019 could be the worst year in the history of cyber attacks, Australia has seen the worst cyber attack in the first quarter of this year. The reports were confirmed by the Office of the Australian Information Commissioner (OAIC) in its latest quarterly data breach report.
According to the document, almost half of the Australian population has had their data compromised in a single data breach. Of the 25.4 million people currently living in Australia, around 10 million were victims of that one attack.
While the OAIC did not expound on the said attack and has kept mum on what kind of data was compromised, they said that the breach was disclosed to their office under the Notifiable Data Breaches (NDB) scheme between January 1, 2019, and March 31, 2019, and reported it in its Quarterly Statistics Report.
Australia’s NDB scheme was established in February last week. It requires agencies and organizations in the country covered by the Privacy Act of 1988 to notify individuals and other parties whenever there has been a breach involving their personal information, mainly if the unauthorized access to that data entails “serious harm.” The NDB requires organizations to report as soon as practicable after becoming aware of the breach.
Furthermore, a finance-related breach in Australia also occurred, with fewer than 500,000 victims whose financial data was compromised, and the health sector’s three heaviest-impacting breaches reached 5,000 individuals each.
The report revealed that the OAIC received a total of 215 data breach notifications in the first quarter. This is interesting because it is a smaller number than the 262 data breaches reported between October 2018 and December 2019. Sixty-two of the breaches were published in January, 67 in February, and 86 in March.
Of the 215 reported and disclosed data breaches, 61% or 131 were attributed to malicious and criminal attacks, while human errors caused 75 data breaches in total. The rest, according to the report, were caused by system failure and unprotected cybersecurity.
Contact information was a frequent target of the attacks, with 186 of the disclosed data leaks having compromised contact information. Other disclosed data breaches are related to the financial information of Australians, which includes but is not limited to their credit card numbers and bank account numbers; the rest are related to their identity information, like name and social security number.
The report also showed that among those malicious cyber attacks, 87 were caused by phishing, malware, ransomware, brute-force attacks, or compromised or stolen credentials.
One of the most talked-about data breaches in Australia was the brute-force and DDoS attack against the Australian branch of the automobile giant Toyota earlier this year. Eighteen of the said breaches were targeted to steal paperwork or data storage devices.
Notably, the private health sector, especially healthcare providers, was the most impacted sector, followed by finance. The OAIC has received 58 reports on the private sector and 27 on the financial sector.
A similar report published this week from the United States reveals that 2019 may be the “worst year in the record” for the number of reported and disclosed data breaches and leaks all around the world. The report was published by Risk Based Security (RBS), a technology firm focused on cybersecurity, in their Q1 2019 Data Breach QuickView Report. The said report is an investigation of the different minor and major data breaches that were reported from January to March of 2019.
Risk Based Security revealed on May 7th that there were 1,904 publicly disclosed data breaches in the first three months. In aggregate, the breaches exposed more than 1.9 billion records, which include but are not limited to names, passwords, email addresses, credit card information, phone numbers, and IP addresses.
Inga Goddijn, Executive Vice President (EVP) and head of Cyber Risk Analytics (CRA) at Risk Based Security, said in a comment on the report that “the number of data leaks – both in the form of open, unsecured services and credentials leaks – reached new levels this quarter.
“Researchers are increasingly going public when they discover sizable, unprotected databases containing sensitive information and unfortunately, they aren’t difficult to find when you know where to look.”