The OAIC (Office of the Australian Information Commissioner) has released its Notifiable data breaches report for the first 6 months of 2024. This report analyses and assesses the common themes across all data breaches of which it was notified during the period January – June 2024.
Before we start, I will emphasise that this does not cover all breaches, only those which were declared to the OAIC. Therefore, there is somewhat of a bias towards those industries where there is a regulatory requirement to notify the OAIC of a breach. Companies in industries where there is no requirement to notify the OAIC will be less likely to disclose that they have suffered a breach, due to the bad publicity this will lead to.
With that disclaimer out of the way, we will go through the most common breach causes which have been reported and offer suggestions on where you can focus your efforts to help prevent you from becoming involved in the next report!