The OAIC’s Notifiable Data Breaches Quarterly Statistics Report for October found that the finance industry recorded 35 data breaches in the third quarter of 2018, second only to the health services sector, which had 45 breaches.
Legal, accounting and management services followed with 34 breaches, while education and personal services rounded out the top five with 16 and 13 breaches, respectively.
Of the finance sector’s 35 breaches, 48 per cent (17) of them were due to human error, 46 per cent (16) were due to malicious or criminal attack and the remaining 6 per cent (2) were due to system faults.
Most notifications (74 per cent) in the period from the finance sector involved the personal information of 100 individuals or fewer, the OAIC found.
Breaches impacting between one and 10 individuals comprised 54 per cent of the notifications. Meanwhile, 26 per cent of notifications from the finance sector affected more than 100 individuals.
Of the 16 malicious or criminal attack breaches in the finance sector, 11 (69 per cent) were cyber incidents.
“Of the cyber incidents notified by the finance sector, seven data breaches were related to compromised or stolen credentials (such as phishing or brute-force attacks),” the report said.
“Hacked websites or systems was the source for three notifications, and ransomware for one notification.”
The finance sector category covered notifications from entities such as banks, wealth managers, financial advisers, superannuation funds and consumer credit providers.