by George Nott

Australia leads APAC for data breaches

Sep 21, 2016
Business Continuity Compliance Data Center

More data breaches have been reported in Australia than anywhere else in the APAC region so far this year, according to a security index.

The Gemalto Breach Level Index recorded 22 incidents in Australia in the first half of the year, far more than the 13 recorded in India and seven in Japan and New Zealand.

The APAC region accounted for 8 per cent of incidents worldwide, compared with 79 per cent that targeted North America.

The index assigns a risk score to each publicly disclosed data breach, based on the number of records compromised, the type of data, the source of the breach, how the data was used, and whether or not the data was encrypted.

The most severe incident in Australia so far this year was Menulog, which suffered from a breach of 1.1 million records leaving customer names, addresses, order histories and phone numbers exposed.

The next most significant breach was on, an online dating portal for Muslim singles, during which 67,118 customer records were dumped online by a hacker.

Others rated as severe include breaches of customer accounts on The Sydney Morning Herald and The Age Digital Editions, the Do Not Call Register and industry group CompTIA.

Recruitment agency Sarina Russo exposed client financial records in May after they were dumped in a bin next to the office, while the disability information of nearly 7,000 current and former students of the University of Sydney were exposed in breach in February.

“Over the past twelve months, hackers have continued to go after both low hanging fruit and unprotected sensitive personal data that can be used to steal identities,” said Jason Hart, CTO for data protection at Gemalto.

“The theft of user names and account affiliation may be irritating for consumers, but the failure of organisations to protect sensitive personal information and identities is a growing problem that will have implications for consumer confidence in the digital services and companies they entrust with their personal data.”

Worldwide, for the first six months of 2016, identity theft was the leading type of data breach, accounting for 64 per cent of all data breaches, up from 53 per cent in the previous six months. Malicious outsiders were the leading source of data breaches, accounting for 69 per cent of breaches, an increase from 56 per cent in the previous period.

Across industries, healthcare accounted for 27 per cent of data breaches, however it accounted for only 5 per cent of compromised records. Government accounted for 14 per cent of all data breaches, but represented 57 per cent of compromised records.

“In this increasingly digital world, companies, organisations and governments are storing greater and greater amounts of data that has varying levels of sensitivity. At the same time, it is clear that data breaches are going to happen and that companies need to shift from a total reliance on breach prevention to strategies that help them secure the breach,” added Hart.

“That is why more focus needs to be understanding what really constitutes sensitive data, where it is stored, and using the best means to defend it. At the end of the day, the best way to protect data is to kill it. That means ensuring user credentials are secured with strong authentication and sensitive data is protected with encryption so it is useless to the thieves.”

Globally, there were 974 reported data breaches and more than 554 million compromised data records in the first half of 2016, compared to 844 data breaches and 424 million compromised data records in the previous six months. More than half of the reported breaches did not disclose the number of compromised records at the time they were revealed.