Australia’s Privacy Commissioner, Angelene Falk, has called on people and organisations to do more to secure their data, in the face of a growing number of serious data breaches – many of them involving financial institutions.
Last week, a former contractor at AMP pleaded guilty to downloading customer information. Yi Zheng downloaded 23 documents of 20 different customers, including their passport and driver’s licence details, and sent them to his personal email. He also attempted to install a “dark web” browser on his work computer.
AMP’s breach is not an isolated incident. The Office of the Australian Information Commissioner received notification of 262 data breaches involving personal information during the December quarter last year.
Breach reports were up 7 per cent, compared with the previous quarter. Almost two-thirds (64 per cent) were the result of malicious or criminal attacks, 33 per cent were the result of human error and 3 per cent were the result of system faults.
Of the 262 breaches, 54 involved private health service providers, 40 involved financial services providers, 23 involved legal, accounting and management services, 21 private education providers and 12 mining and manufacturing companies.
Falk, who is also Australian Information Commissioner, says: “By changing passwords, checking your credit report, and looking out for scams using your personal information, you can help minimise the harm that can result from a data breach.”
The Notifiable Data Breaches scheme was introduced last year, making it compulsory for organisations to notify the OAIC if there has been unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, which is likely to result in serious harm to one or more individuals. Organisations are also obliged to contact people affected by a breach.
The OAIC website has advice for individuals on ways to minimise the risk of data being stolen and what to do if they are affected by a data breach. Its suggestions include the following:
- Get a copy of your credit report, which is available free from credit reporting agencies Experian, illion and Equifax. The report may show any unauthorised activity or applications for new accounts made in your name.
- Change passwords regularly and use a strong, unique password for each online account.
- Check privacy and security settings on your social networking profile and never give away account details.
- Don’t accept requests to connect with strangers.
- Don’t use public computers to access your personal information. If you do use a public computer, clear the history, close the web browser and log out before you leave.
- Don’t use Wi-Fi hotspots for sensitive internet use as they are often not secure.
- Check account statements, including credit cards, bank statements, telephone and internet bills, for possible fraudulent activity.