December 9, 2022

Australia announces sweeping privacy overhaul after massive cyber attack on Optus

Australia announces sweeping privacy overhaul after massive cyber attack on Optus

Australian Prime Minister Anthony Albanese speaks at the Sydney Energy Forum in Sydney, Australia July 12, 2022. Brock Mitchell/Paul via Reuters/File Photo

Register now to get free unlimited access to Reuters.com

SYDNEY (Reuters) – Australian Prime Minister Anthony Albanese said on Monday that Australia plans to tighten privacy rules to force companies to inform banks faster when they come under cyber attack, after hackers targeted the country’s second-largest telecoms company.

Optus, owned by Singapore Telecoms Ltd (STEL.SI)Last week, he said, the home addresses, driver’s licenses and passport numbers of up to 10 million customers, or about 40% of the population, were compromised in one of Australia’s biggest data breaches.

The company said the attacker’s IP address, or unique identifier for a computer, appears to be transmitted between countries in Europe, but declined to provide details on how the security was breached. Australian media have reported that an unidentified party has requested $1 million in cryptocurrency for data in an online forum, but Optus has not commented on its authenticity.

Register now to get free unlimited access to Reuters.com

Albanese described the incident as a “big alarm bell” for the corporate sector, saying there were some government agencies and criminal groups that wanted access to people’s data.

“We want to make sure … that we change some of the privacy clauses there so that if people are caught this way, the banks can be reported, so they can protect their customers as well,” he told a radio station. 4BC.

Cyber ​​Security Minister Claire O’Neill said Optus was responsible for the breach and indicated that such loopholes in other jurisdictions would be met with fines in the hundreds of millions of dollars, an apparent reference to European laws that penalize companies with 4% of global revenue for privacy breaches. .

“One of the important questions is whether the cybersecurity requirements that we place on the major telecom service providers in this country are fit for purpose,” O’Neill told Parliament.

Optus said it will offer the hardest-hit customers free credit monitoring and identity protection with credit agency Equifax Inc (EFX.N) for a year. He did not mention the number of customers to whom the offer applies.

In an emailed statement, it said the telecom company has now alerted all customers whose driver’s licenses or passport numbers have been stolen. It added that payment details and account passwords were not compromised.

Australia has been looking to bolster cyber defenses and in 2020 pledged to spend A$1.66 billion ($1.1 billion) over the decade to boost corporate and home network infrastructure.

($1 = 1.5309 Australian dollars)

Register now to get free unlimited access to Reuters.com

Additional reporting by Luis Jackson, Ringo Jose, Byron Kay; Editing by Stephen Coates, Clarence Fernandez and Sam Holmes

Our criteria: Thomson Reuters Trust Principles.