The Office of the Australian Information Commissioner (OAIC) has released its quarterly report on the Notifiable Data Breaches scheme for July to September 2018.

It shows 245 data breaches affecting personal information were notified to individuals and the OAIC between July and September 2018.

Malicious or criminal attack caused 57 percent of breaches, with 37 percent resulting from human error and 6 percent from system faults.

A “system fault” is described as the disclosure of personal information on a website due to a bug in the web code, or a machine fault that results in a document containing personal information being sent to the wrong person or a coding error which allows an individual to access another individual’s online account.

Most data breaches in the period involved the personal information of 100 individuals or fewer (63 percent of data breaches).

Data breaches affecting between 1 and 10 individuals comprised 41 percent of the notifications.

Financial details were disclosed in 110 notices (45%).

From July to September 2018, the top sector to report notifiable data breaches was the private health service provider sector (health sector) (18 per cent). The second largest source was the finance sector (14 percent). This was followed by the legal, accounting and management services sector (14 percent), the private education sector (education) (7 percent), and the personal services sector (5 percent).

The majority of data breaches in the finance sector were the result of human error (17 notifications), followed by malicious or criminal attacks (16 notifications). System fault accounted for 6 percent of data breaches (2 notifications).

When data breaches affect multiple entities, the OAIC may receive multiple notifications relating to the same data breach. Notifications to the OAIC relating to the same data breach incident are counted as a single notification in this report.