41% increase in 'serious' data breaches - Privacy Commissioner

January 12, 2023

The Privacy Commissioner says there has been a 41% increase in serious data breaches since last year.

There's been a "notable" increase in the number of privacy breach notifications which meet the serious harm threshold compared to the last financial year, according to Privacy Commissioner Michael Webster.

In the first half of the previous financial year, there were 147 notifications, while the first half of this financial year has seen 207.

The industries most affected by data breaches are healthcare and social assistance, public administration & safety, services (professional, scientific, technical, administrative and support services), education & training and finance & insurance.

While most of the breaches are caused by human error, the Office of the Privacy Commissioner (OPC) has seen a rise in serious breaches caused by "malicious activity."

The OPC said the most common causes of human error breaches are email errors and unauthorised sharing, while phishing attacks, email system hijacking for spam or fraud, and installing malware, including ransomware, were the main causes of malicious breaches.

The numbers come after Wellington-based company Mercury IT was hit by a ransomware attack in December 2021, which compromised sensitive client data.

Webster said that the best way to avoid these kinds of attacks is to report them to the OPC as soon as possible.

"Report it. Report the breach as early as possible. Notifiable privacy breaches should be reported within 72 hours of the breach being identified. We will work with you as you go through a triage response and help guide you to bring your agency through a crisis," he said.

"That means letting this Office know. We are the regulator, and we are here to help support and educate where appropriate. Sharing the learning from these incidents is one way we can help prevent or limit the impact of future cases."
