At least 10m records compromised in single Australian data breach despite drop in NDB reports

Credit: ID 106350664 © Stepanenko Oksana |

The number of reported Australian data breaches declined last quarter for the first time since the Notifiable Data Breaches (NDB) scheme began over a year ago – but a disproportionate number of healthcare breaches, and a surge in the proportion of malicious or criminal attacks, suggest that the change isn’t necessarily a sign that businesses are getting better about data security.

The Office of the Australian Information Commissioner (OAIC) was notified about 215 data breaches during the first calendar quarter of 2019, the latest Notifiable Data Breaches Quarterly Statistics Report revealed.

The volume of breaches – an average of 72 breaches per month – was down from 242 in the first full quarter of reporting – the period ending June 2018 – and 245 notifications in the first quarter of the current financial year.

The OAIC received 262 breach notifications in the last quarter of 2018.

John Donovan, ANZ managing director of security firm Sophos, was concerned that the healthcare sector – which reported 58 breaches, well ahead of finance (27), legal (23), education (19) and retail (11) – retained the dubious honour of being Australia’s most-breached industry.