Data breach affects over 10 million Australian people

Australian authorities have reported that, after conducting an information security audit, they’ve found that more than 10 million people have been affected by a recent data breach incident; this is equivalent to almost 50% of the total population of the country (25 million inhabitants).

The incident was revealed by the Australian Information Commissioner Office (ICO) in compliance with the protocol known as “Notifiable Data Breaches” (NDB).

Although great details are not revealed, as the cause of the incident, it was confirmed that the data breach has impacted more than 10 million Australian citizens, a matter of considerable magnitude compared to the largest data breach previously registered in the country, which affected about 500,000 users.

During the last quarter, ICO received 215 notifications of data breaches, less than the 260 incidents reported in the periods from October to December 2018 and more than 62 reported between January and March 2019, report the Audit specialists of Security.

The information most exposed to security incidents during the last quarter are contact details (name, phone, email address, etc.), financial information and identity details are also an important part of this list.

ICO identified 87 incidents reported as “caused by malicious hacking activities” such as phishing, brute force attacks, malware infections, credential theft, among others, report information security audit experts.

As for the most affected organizations are concerned, the health sector is, again, the most affected by data breach incidents. The list is joined by financial organizations, legal, accounting and administrative services, academic institutions and retail businesses.

According to information security audit specialists from the International Institute of Cyber Security (IICS), the Notifiable Data Breaches (NDB) protocol came into force in the early 2018 and requires any organization working under the 1998 Australian Privacy Act to notify affected people about any incident involving their personal data/information.