Australia’s current administration is calling for tougher privacy laws, following last week’s cybersecurity breach that compromised the personal data of 9.8 million Optus customers. Describing the cyberattack as “not a technological challenge”, the government says the breach should never have happened and Optus should pay to rectify the situation.
When customers give companies their personal data, they expect the information to be held securely, Australian Prime Minister Anthony Albanese said in parliament Wednesday. Calling the Optus data breach a “great concern”, he said the incident should serve as a wake-up call for Australian businesses.
The mobile operator reported a security breach last week which it said compromised various customer data, including dates of birth, email addresses and passport numbers. Information belonging to both current and former customers was affected, Optus said. Its CEO, Kelly Bayer Rosmarin, said the breach was the result of a “sophisticated” attack that infiltrated multiple layers of security.
The phone company, however, has yet to provide additional details on how the breach occurred or which systems were breached. Local reports pointed to an online API (application programming interface) that apparently did not require authentication or authorization to access customer data.
Albanese said the government was working with Optus to obtain the information necessary “to conduct a criminal investigation” led by the Australian Federal Police, in cooperation with the FBI.
“We know this breach should never have happened,” the prime minister said. “It’s clear we need better national laws after a decade of inaction to manage the huge amount of data companies collect on Australians, and clear consequences when they don’t manage it well.”
He rejected calls from the opposition party asking the government to pay for replacement passports, arguing instead that Optus should be made to cover those costs. Taxpayers should not be forced to pay for a problem resulting from Optus’ own failures to regulate cybersecurity and privacy, he said, adding that the Foreign Secretary had asked Optus to cover the associated costs.
Optus is a wholly owned subsidiary of Singapore telecommunications group, Singtel.
Albanese added that the government was looking to strengthen local laws as part of its current review of the Privacy Act.
According to Australian Home Secretary Clare O’Neil, the country was about five years behind where it should be when it comes to cyber protection. “It’s just not good enough,” said O’Neil, who is also cybersecurity minister.
“What happened at Optus was not a sophisticated attack. We shouldn’t have a telecom provider in this country that effectively left the window open for data of this nature to be stolen,” she declared.
Describing the breach as unacceptable, she added that the incident was a major mistake on Optus’ part. “They are guilty,” said the minister. “The cyber hacking undertaken here was not particularly technologically challenging.”
She added that a breach of such magnitude, involving a company like Optus, would have resulted in significant financial penalties in other countries. Instead, in Australia the maximum fine was just A$2.2 million under the Privacy Act, which she said was “totally inappropriate”.
O’Neil further noted that while she was able to set minimum cybersecurity standards for businesses in multiple industries, she was unable to do so for telecom operators, who had remained exempt from the country’s existing laws on the grounds that their standards were high enough and they were sufficiently regulated by other laws.
This was clearly not the case, as the recent breach demonstrated, she said.
Stressing the need to strengthen the country’s privacy laws, the minister said devices were increasingly connected to the internet. “It’s a very clear message to me, to Australians and to Australian businesses, that we need to raise the standards here and we need to do better to protect Australians.”
She said the government’s current review of the law would look at a range of issues, including what powers she had to impose minimum cybersecurity standards that could have prevented the Optus breach from happening.
“This is an important alarm signal,” she said. “What this tells us is that companies that thought of themselves as cybersecurity experts are failing on these types of attacks.”
O’Neil also revealed in a statement on Tuesday that customers’ health insurance numbers, which were not initially disclosed as part of the data affected by the attack, were compromised in the Optus breach.
She further expressed concern over reports that personal information stolen in the breach was now being offered for free and for ransom.