The Australian Securities and Investments Commission has had four data breaches of its own in the past two years, as well as being caught up in a fifth incident.
The number is revealed in a response [pdf] to a senate inquiry, which also briefly describes the nature of the breaches that ASIC experienced.
Only one of the four breaches was notifiable to the Office of the Australia Information Commissioner (OAIC), it said, although it voluntarily reported the others as well.
“There have been four data breaches within ASIC since January 2022; three were caused by internal human error and the fourth through a system mis-configuration issue,” it said.
“Note [that] none of those data breaches within ASIC were the result of a cyber attack.”
ASIC went on to say it had also experienced a fifth breach “as the result of a successful cyber attack against one of its external legal services providers.”
“ASIC worked with the provider to successfully conclude the investigation and resolve the implications of the breach,” it said.
The commission has taken a strong and ongoing interest in the cyber security postures of regulated entities under its gaze.
It recently suggested small businesses could bolster their efforts in this regard.
The commission has also been focused this year on the risk posed by third-parties in the way they handle data and align to the security profiles and standards of their customers.
Prior to 2022, ASIC was a named victim of the hack on file transfer application maker Accellion.
It was also warned of a search history glitch on one of its sites back in 2019.