Banks and other financial institutions are struggling to identify reportable breaches of customer data, according to new statistics published by the Office of the Australian Information Commissioner.
Financial institutions took more than six months to identify at least 14 privacy breach incidents in the half-year to the end of June.
Those incidents accounted for almost 25 per cent of the 57 data breaches reported by the industry in the period.
No other sector was as slow to detect data breaches, with the Australian government the next worst on 15 per cent.
The big worry for major banks and other financial institutions is that many data breaches are not detected for more than a year after they occur.
There were seven such incidents in the June half.
Cybersecurity experts believe that financial institutions are particularly exposed to “social engineering” attacks, in which an intruder contacts the bank while impersonating a legitimate customer, so the fraudulent interaction passes as genuine.
“With a successful social engineering attack, the financial institution is under the impression there has been a legitimate interaction with their customer,” said Aaron Bugal, an engineer at cybersecurity provider Sophos.
“As such, it’s not until the actual account owner—the victim—realises their account has been fraudulently accessed and contacts the financial institution to challenge them on the events.
“In turn, the victim declares it wasn’t their own actions and the financial institution then needs to start an investigation.”
For many years, the financial services industry has ranked among the top five industries reporting data breaches to the OAIC.
The June half tally (57 breaches) was the second highest of any sector, behind only the health services sector (85 breaches).
The OAIC found that cyber-attacks and human errors were the main causes of data breaches in financial institutions, but system faults such as technology process errors were also a contributor.
Privacy and data management experts believe financial services providers should be held accountable for the relatively high incidence of privacy breaches.
“Australians trust their financial institutions with often-sensitive personal information,” said Sophos managing director John Donovan.
“The industry needs to be held accountable for these errors and take steps to appropriately protect the data they are trusted with.”