Australia’s current government is calling for stronger privacy laws, following a cybersecurity breach last week that compromised the personal data of 9.8 million Optus customers. Describing the cyberattack as “technologically unchallenged”, the government said the breach should never have happened and that Optus had to pay to remedy the situation.
When customers provide their personal data to companies, they expect it to be kept safe, Australian Prime Minister Anthony Albanese speak in parliament Wednesday. He called the Optus data breach “a major concern”, saying it should be a wake-up call for businesses in Australia.
Mobile carrier last week Report a security breach that it said compromised various customer data, including dates of birth, email addresses and passport numbers. Optus said the information of both existing and former customers was affected, which CEO Kelly Bayer Rosmarin later said was the result of a “sophisticated” attack that penetrated multiple layers of security.
However, the telecom has yet to provide further details on how the breach happened or which systems were breached. Local reports have indicated an online API (application programming interface) that does not appear to require authentication or authorization for customer data to be accessed.
Albanese said the government was working with Optus to obtain the necessary information “to conduct a criminal investigation” led by the Australian Federal Police in coordination with the FBI.
“We know that this breach should never have happened,” the prime minister said. “It’s clear that we need better national legislation after a decade of inaction to manage the huge amount of data that companies collect about Australians and the obvious consequences when they don’t do it well. “
He rejected calls by the opposition party to ask the government to pay for passports, arguing instead that Optus should be made to cover such costs. Taxpayers should not pay for an issue that is the result of Optus’ own failure to regulate cybersecurity and privacy, he said, adding that the Secretary of State had asked Optus to cover it. related costs.
Optus is a wholly owned subsidiary of Singapore telecommunications group, Singtel.
Albanese added that the government is looking to strengthen local legislation under their current review of the Privacy Act.
According to Australia’s Home Affairs Minister Clare O’Neil, the country is about five years behind when it comes to protecting cyberspace. “It’s simply not good enough,” said O’Neil, who is also Cybersecurity Secretary.
“What happened at Optus was not a sophisticated attack. We should not leave a telecom provider in this country open to such data being stolen,” she said.
Description of violation is unacceptable, she added that the crash was a big mistake on Optus’s part. “They are to blame,” the minister said. “The cyberattack carried out here is not particularly challenging in terms of technology.”
She added that a breach of such scale, involving a company like Optus, would result in significant financial penalties in other countries. Instead, in Australia, the maximum fine is only up to A$2.2 million according to Privacy Actwhich she said was “totally inappropriate”.
O’Neil further notes that while she can set minimum cybersecurity standards for companies in some areas, she cannot do so for telecom companies, The company has kept itself out of the country’s current laws on the basis that their standards are already high enough. and they are fully regulated under other laws.
She said it was clear this was not the case that was proven by the recent breach.
Emphasizing the need to strengthen the country’s privacy laws, the minister said devices are increasingly connected to the Internet. “It’s a really clear message to me, to Australians and to Australian companies, that we have to raise standards here and we have to do better to protect Australians.”
She said the government’s review of the current Act will look at a range of issues, including the power she has to mandate minimum cybersecurity standards that could prevent an Optus breach from happening.
“This is an important wake-up call,” she speaks. “What this tells us is that companies that claim to be experts in cybersecurity are failing these attacks.”
O’Neil also revealed in a statement Tuesday that customers’ Medicare numbers were compromised in the Optus breach, which was not initially disclosed as among the data affected in the attack.
She also expressed concern over reports that personal information stolen in the breach is now being made available for free and for ransom.
RELATED INSURANCE
