Australia updates law to protect data after Optus hack
The Australian government has announced changes to its telecommunications law to protect vulnerable customers after personal details were stolen in a major cyberattack on the nation’s second-largest wireless carrier
Australia updates law to protect data after Optus hack
Show all 2Your support helps us to tell the story
Our mission is to deliver unbiased, fact-based reporting that holds power to account and exposes the truth.
Whether $5 or $50, every contribution counts.
Support us to deliver journalism without an agenda.
Louise Thomas
Editor
The Australian government announced changes Thursday to its telecommunications law to protect vulnerable customers after personal details were stolen in a major cyberattack on the nation’s second-largest wireless carrier.
The changes to Telecommunications Regulations allow Optus and other providers to better coordinate with financial institutions and governments to detect and mitigate the risk of cybersecurity incidents, fraud, scams and other malicious cyber activities, Treasurer Jim Chalmers and Communications Minister Michelle Rowland said in a joint statement.
“What this is all about is to try and reduce the impact of this data breach on Optus customers and to enable financial institutions to implement enhanced safeguards and monitoring,” Rowland told reporters.
More than one in three Australians had personal data stolen when Optus lost the records of 9.8 million current and former customers including passport, driver’s license and national health care identification numbers in a hack discovered on Sept. 21.
The hacker dumped the records of 10,000 of those customers on the dark web last week as part of an attempt to extort $1 million from Optus, a subsidiary of Singapore Telecommunications Ltd., also known as Singtel.
Optus ran full-page ads in Australian newspapers on Saturday under the headline: "We’re deeply sorry.”
The ad included a link to an Optus website that details actions customers can take to avoid identity theft and fraud.
The government can change regulations without reference to the Parliament. But the government hopes to pass changes to the Privacy Act through the Parliament during its final four sitting weeks of 2022 in response to the Optus breach.
The changes would include increased penalties for companies with lax cybersecurity protections and curbs on the quantities and types of customer data that businesses can amass, as well as the duration for which personal information can be kept.
Subscribe to Independent Premium to bookmark this article
Want to bookmark your favourite articles and stories to read or reference later? Start your Independent Premium subscription today.