Malicious or criminal attacks top data breaches
Malicious or criminal attacks were the largest source of data breaches last quarter and the health and finance sectors were the most targeted, latest national figures show.
One in three breaches were caused by compromised credentials, with login and password information used to gain unauthorised access to personal information.
Australian Information Commissioner Angelene Falk says individuals clicking on a phishing email or reusing passwords across services are among the issues identified.
“The fact that there is a human factor involved in so many cases demonstrates the need for staff training to increase awareness of cyber risks and to take the necessary precautions,” she said.
The Office of the Australian Information Commissioner was notified of 245 breaches in the April-June quarter, up from 215 in the first quarter, but down from 262 in the final three months of last year.
The health sector represented 19% of breaches, followed by finance with 17% and legal, accounting and management services with 10%.
Finance includes banks, wealth managers, financial advisers, superannuation funds and consumer credit providers. Insurance is classified as its own sector.
The notifiable data breaches (NDB) scheme came into effect in February last year.
“The reporting regime has been well accepted and the onus is now on organisations to further commit to best practice in combating data breaches and improving response strategies,” Ms Falk said.
“Putting data breaches in the spotlight has heightened awareness of the privacy rights of consumers, who in turn are demanding greater security from the organisations with which they share information.”
Malicious or criminal attacks accounted for 62% of breaches in the recent quarter and of those 151 cases, nearly 70% involved cyber incidents.
Identity protection company SailPoint says the figures suggest firms aren’t heeding the message on cyber security and that the finance sector has considerable room for improvement in protecting customer data.
“Criminals target financial firms because they know that’s where the money is,” Asia-Pacific Japan Vice President Terry Burgess said.
“The unfortunate reality is that many businesses continue to take a laissez-faire approach to cybersecurity, which is reflected in these reports.”