The Office of the Australian Information Commissioner has published their report on notifications received by them under the Notifiable Data Breaches (NDB) scheme between 1 April 2019 and 30 June 2019.

Malicious or criminal attacks accounted for 151 data breaches in the quarter, while human error accounted for 84 data breaches. System faults accounted for 10 data breaches.

Data breaches caused by human error included sending personal information to the wrong recipient via email (35 percent), unauthorised disclosure through the unintended release or publication of personal information (18 percent), as well as the loss of paperwork or data storage device (12 percent).

In the quarter the unintended release or publication of personal information affected the largest number of people (an average of 9,479 affected individuals per data breach). Failure to use BCC when sending emails affected an average of 601 individuals per data breach.

From April to June 2019, the top sector to report data breaches under the NDB scheme was the private health service provider sector (health sector) (19 percent). The second-largest source of data breaches was the finance sector (17 percent). This was followed by the legal, accounting and management services sector (10 percent), the private education sector (education) (9 percent), and the retail sector (6 percent).