NSW IPC reports government, councils and universities suffered 52 data breaches in 7 months
NSW universities, government agencies and councils collectively reported 52 data breaches in the seven months ending June this year, calling for more efforts to strengthen cybersecurity.
The numbers were recorded as part of the first reporting period of the state’s Mandatory Data Breach Notification (MDBN) system, with 34 impacting government agencies, nine impacting city councils and nine impacting universities, three of which were impacted more than 5,000 people.
Of the incidents affecting government agencies, approximately four in five (79%) were the result of human error, while the remaining 20% were the result of threat actors and cyberattacks.
Additionally, around a third took between one and six months to notify the NSW Information and Privacy Commissioner (IPC). Agencies are required to notify the IPC within 30 days or submit a written extension if more than 30 days are required to assess the violation.
For data breaches affecting universities, almost half (44%) of breaches were the result of cyberattacks and malicious incidents.
The CPI published its findings earlier this week (October 2) regarding the latest reporting period and said that while the figures were generally average, apart from a sharp increase in May and June, more needed to be done.
“The overall number of notifications received during the first seven months of the MNDB program was moderate, although results show early signs of an increase in notifications towards the end of the reporting period,” the IPC said, adding that as the MNDB program matures, it is expected that the number of notifications will reflect this.
“Investments to strengthen ICT security and staff capacity are essential to improve the safety and security of personal information held by agencies. »
The IPC also said agencies should develop and maintain data breach policies and ensure they are prepared to respond “in a timely, effective and efficient manner, so as to limit harm to individuals “.