The Office of the Australian Information Commissioner (OAIC) periodically publishes statistical information about notifications received under the Notifiable Data Breaches (NDB) scheme to assist entities and the public to understand the operation of the scheme. This report captures notifications made under the NDB scheme for the period from 1 July to 31 December 2020.
- 539 breaches were notified under the scheme, an increase of 5% from the 512 notifications received from January to June 2020.
- Malicious or criminal attacks (including cyber incidents) remain the leading source of data breaches, accounting for 58% of notifications.
- Data breaches resulting from human error accounted for 38% of notifications, up 18% from 173 notifications to 204.
- The health sector remains the highest reporting industry sector, notifying 23% of all breaches, followed by finance, which notified 15% of all breaches.
- The Australian Government entered the top 5 industry sectors to notify data breaches for the first time, notifying 6% of all breaches.
- 68% of data breaches affected 100 individuals or fewer.
- 78% of entities notified the OAIC within 30 days of becoming aware of an incident that was subsequently assessed to be an eligible data breach.