In the first full quarter of Australia’s Notifiable Data Breaches (NDB) scheme, the Education sector ranked fourth in the number of data breach notifications.
The Office of the Australian Information Commissioner (OAIC) received 242 notifications under the Notifiable Data Breaches (NDB) scheme in the period 1 April to 30 June 2018.Of those, 19 notifications were received from the Education sector.
The private health sector was number one for reporting data breaches with 49 notifications in the quarter, followed by the finance sector with 36 notifications, while legal, accounting and management services rounded out the top three with 20 notifications.
On 31 July 2018 the OAIC released its second quarterly statistical report on data breach notifications received under the scheme, its first full quarter report since the scheme commenced on 22 February 2018.
According to the report malicious or criminal attacks were the largest source of data breaches this quarter, accounting for 59 per cent.
Many cyber incidents in this quarter appear to have exploited vulnerabilities involving a human factor such as clicking on a phishing email or disclosing passwords. Cyber incidents were the largest source of attacks (97 notifications) and included phishing, malware, ransomware, brute-force attack, compromised or stolen credentials and hacking by other means.
…majority of cyber incidents in the top 5 reporting sectors were through phishing, brute-force attacks…
The majority of data breaches involved ‘contact information’, such as an individual’s home address, phone number or email address.
To help prevent cyber incidents, the OAIC advised that entities should implement strong password protection strategies. CyberHound has published a research paper on Password Security which you can download here to explore some valuable password security strategies.
CyberHound commissioned global law firm Norton Rose Fulbright to develop a suite of education-specific data breach resources. These include simple checklists and user-friendly guides for schools to help prevent, and prepare for, a data breach. A key element of these resources is the Privacy Compliance Manual for Schools which you can download for free.