Data breach numbers dropped significantly in the first half of the year but efforts by financial services companies to improve data security had limited results, with the sector reporting the second highest number of breaches. According to the Office of the Australian Information Commissioner’s latest data breach report, there were 409 notifiable breaches in the six months to June – down 16 per cent from the prior six months. Health services providers reported the highest number of breaches, at 63, followed by financial services companies (54 breaches), recruitment agencies (33) legal-accounting and management services (26) and insurance (25). Seven per cent of breaches reported by financial services companies took 12 months or more to detect and another 11 per cent took between four and 12 months to detect. Malicious or criminal attacks were the leading cause of data breaches, including ransomware attacks, stolen credentials, phishing, hacking and malware. Twenty-three of the breaches reported in the six months to June affected 5000 or more people. Personal information involved in breaches included contact information, identity information, financial details, health information and tax file numbers. An OAIC consumer survey found that 76 per cent of people whose data was involved in a breach experienced some harm as a result. Close to half (47 per cent) said they would close an account or stop using a product or service provided by an organisation that experienced a data breach. “However, most Australians are willing to remain with a breached organisation, provided the organisation takes action promptly,” the report said.