Charities reported 137 data security incidents to the Information Commissioner’s Office in the second quarter of 2018/19, according to the latest figures published by the regulator.
The ICO published the latest data breach statistics for the period between July and September 2018, which shows that charities reported 137 data incidents – the exact same number of breaches the sector reported for the first quarter of 2018/19.
The majority of charity incidents (88) involved unlawful disclosure of data with the majority of other incidents (50) relating to various security issues.
Charities reported just 21 security incidents to the ICO in the second quarter of 2017, meaning the increase on the same quarter this year has been over 600 per cent. However, as the ICO itself has made clear, the overall figures across sectors have increased exponentially since the implementation of the General Data Protection Regulation in May of this year.
A total of 4,056 data security incidents were reported to the ICO for the second quarter across all sectors. Charities accounted for just 3.3 per cent of all reported data breaches.
The general business sector reported the highest number of incidents between July and September with 847, followed by the health sector which reported 619 and then education which reported 511.
The ICO said that, in order to keep data secure, organisations should “consider metadata when redacting information, check all data has been redacted and is not reversible before releasing and get someone to double check redactions”.
Charities also report 36 cyber incidents
Alongside the data breaches above, the charity sector was also responsible for reporting 36 separate cyber incidents in the second quarter of 2018/19.
Of these incidents, 18 of these were related to phishing, six involved misconfiguration of hard/software and five related to unauthorised cyber access to information. This was more than double the number of cyber-attacks reported by the charity sector for the first quarter of the year.
There were 675 cyber-attacks reported across all sectors, with general business being responsible for reporting over 300 of them.