Australian firms reported 464 data breaches in second half of 2021

A person on a laptop to depict hacking
(Image credit: Shutterstock)

There were 464 data breaches reported to Australia’s information commissioner in the second half of last year, an increase of 6% compared with the first half of the year.

The Office of the Australian Information Commissioner (OAIC) periodically publishes statistical information about notifications released under its Notifiable Data Breaches (NDB) scheme to help improve consumer protection and drive better security standards for protecting personal information.

The OAIC published its analysis for the second half of 2021, which revealed that it received 464 notifications during the reporting period, compared to 436 during the first half of the year.

It also found that malicious or criminal attacks remain the leading source of the breaches, accounting for 256 notifications (55% of the total), down 9% in number from the previous half of the year.

Data breaches resulting from human error accounted for 190 notifications (41%). The health sector was also the highest reporting industry sector, notifying 18% of all breaches, followed by finance at 12%.

The most common type of personal information involved in the breaches was contact information. 96% of the breaches affected 5,000 individuals or fewer, while 71% affected 100 people or fewer.

Australian information commissioner and privacy commissioner Angelene Falk said that the NDP scheme was well established after four years of operation.


Minimising downtime risk with resilient edge computing

Add value with on-premise edge computing


“The scheme is now mature and we expect organisations to have accountability measures in place to ensure full compliance with its requirements,” she said. “If organisations wish to build trust with customers, then it is essential they use best practice to minimise data breaches and, when they do occur, they put individuals at the centre of their response.”

However, the OAIC found that some organisations are falling short of the scheme’s assessment and notification requirements. Falk said one of its key objectives is to protect individuals by helping them to respond quickly to a data breach to minimise the risk of harm. Delays in assessment and notification reduce the opportunities for an individual to take steps to protect themselves from harm, said Falk.

Last week, the New South Wales (NSW) government admitted to a data breach that saw over 500,000 addresses leaked through a government website. Locations were collected by the NSW Customer Services Department through a QR code registration system before being made public through a government website. Locations included defence sites, missile maintenance sites, and domestic violence shelters.

Zach Marzouk

Zach Marzouk is a former ITPro, CloudPro, and ChannelPro staff writer, covering topics like security, privacy, worker rights, and startups, primarily in the Asia Pacific and the US regions. Zach joined ITPro in 2017 where he was introduced to the world of B2B technology as a junior staff writer, before he returned to Argentina in 2018, working in communications and as a copywriter. In 2021, he made his way back to ITPro as a staff writer during the pandemic, before joining the world of freelance in 2022.