Australia mulls tougher cybersecurity laws after data breach

CANBERRA, Australia — The Australian government said on Monday it is considering tougher cybersecurity rules for telecommunications companies after Optus, the nation’s second-largest wireless carrier, reported the breach of personal data from 9.8 million customers.

Optus stated last Thursday that it was aware of the cyberattack that had accessed the personal data of 9.8 million people, a fraction of Australia’s population of 26million.

The breach affected “significant amounts” of personal data, said Clare O’Neil, Cybersecurity Minister.

” The breach is not something we should expect to see in this country’s large telecommunications provider,” O’Neil stated.

In certain countries, such a breach could result in fines of up to hundreds of millions of dollar. O’Neil stated.

Australian law doesn’t currently allow for Optus to be fined for the breach.

” A breach of this magnitude and scale will require significant reforms,” O’Neil stated.

” “It is important to ask whether the cybersecurity requirements we place on large telecommunications companies in this country are appropriate for their purpose,” she said.

Australian Federal Police said in a statement that reports the stolen data had already been sold were under investigation.

Australian investigators are working with overseas law enforcement agencies to determine who was behind the attack and to help shield the public from identity fraud, the statement said.

” To protect the integrity and integrity of the criminal investigation the AFP will not disclose what information it has gotten in the first few days of the investigation, police stated.

O’Neil asked Optus to provide credit monitoring for compromised customers to protect them against identity theft. The request was met by the Sydney-based company later Monday.

Optus said it would offer its most affected customers free 12-month Equifax Protect subscriptions. This is a credit monitoring and identity protection service. Optus stated that the unidentified third party had accessed customers’ names, addresses, phone numbers, and email addresses.

Personal data could also include identification documents like driver’s licenses or passport numbers for minorities. O’Neil stated that

Police, as well as other security agencies, worked throughout the weekend to protect customers.

Government agencies were also working with the banking sector to protect customers.

” This is complex. O’Neil stated that although it is technically and legally complex, they are working on a solution.

Prime Minister Anthony Albanese described the breach as a “huge wake-up call for the corporate sector.”

Albany foreshadowed potential changes to privacy provisions so that banks can move more quickly to protect their own customers after such a breach.

” We know that there are actors in today’s world, including state actors but also criminal organizations, who want access to people’s information,” Albanese said to Brisbane Radio 4BC.

Optus chief executive Kelly Bayer Rosmarin said in a statement last week that, “We are devastated to discover that we have been subject to a cyberattack that has resulted in the disclosure of our customers’ personal information to someone who shouldn’t see it.”