Charities reported 108 data breaches to the ICO (Information Commissioner’s Office) for the second quarter of 2019/20.
Latest figures show that this figure – although high – is actually down from the same period last year when 137 breaches were reported to the regulator.
And not surprisingly, most of these incidents were down to human error.
The most common causes of the data breaches were loss or theft of paperwork in an insecure location which accounted for 23 cases.
Four of the incidents were loss or theft of a device containing personal data and seven were caused by data emailed to the wrong recipient. There were seven cases of employees failing to use the blind carbon copy feature when sending emails.
There were also eight cases of phishing attacks, involving email scamming by criminals.
Data breaches
There was a total of 2,984 breaches reported to the regulator during this period.
Health was the sector most affected with 591 breaches, general business had 492 and 298 were from the education and childcare sector.
The ICO had called for better data protection training for staff in September last year following a review of eight charities that uncovered concerns around data monitoring, reporting and training.
And just last week, Charity Digital published its 2020 Cyber Security checklist to protect charities against cyber security threats.
Some of the important tips they gave charities included keeping their anti-virus software up to date and preparing for the rise in 5G.
They also reminded charities that ransomware was a continued threat and that extra care was needed with mobile security.
Research from the government’s latest Cyber Security Breaches Survey estimates that around a quarter of charities report at least one attack a year. One reason may be that charities are seen as easy targets.