Sensitive data of around 10 million customers, or about 40% of the population, were compromised
Australia plans to toughen privacy rules to force companies to notify banks faster when they experience cyber attacks, Prime Minister Anthony Albanese said on Monday, after hackers targeted the country’s second-largest telecoms firm, reports Reuters.
Optus, owned by Singapore Telecoms Ltd., said last week that home addresses, drivers’ licenses and passport numbers of up to 10 million customers, or about 40% of the population, were compromised in one of Australia’s biggest data breaches.
The attacker’s IP address, or unique identifier of a computer, appeared to move between countries in Europe, the company said, but it declined to detail how security was breached.
Australian media reported an unidentified party had demanded $1 million in cryptocurrency for the data.
Albanese called the incident “a huge wake-up call” for the corporate sector, saying there were some state actors and criminal groups who wanted to access people’s data.
“We want to make sure … that we change some of the privacy provisions there so that if people are caught up like this, the banks can be let know, so that they can protect their customers as well,” he told radio station 4BC.
Stiffer fines needed - Cybersecurity Minister
Cybersecurity Minister Clare O’Neil said Optus was responsible for the breach and noted such lapses in other jurisdictions would be met with fines in the hundreds of millions of dollars, an apparent reference to European laws that penalize companies 4% of global revenue for privacy breaches.
“One significant question is whether the cyber security requirements that we place on large telecommunications providers in this country are fit for purpose,” O’Neil told parliament.
Australia has been looking to beef up cyber defenses and pledged in 2020 to spend $1 billion over the decade to strengthen the network infrastructure of firms and homes.
“We are devastated to discover that we have been subject to a cyberattack that has resulted in the disclosure of our customers’ personal information to someone who shouldn’t see it,” said Kelly Bayer Rosmarin, Optus CEO, in a statement.
“As soon as we knew, we took action to block the attack and began an immediate investigation. While not everyone may be affected and our investigation is not yet complete, we want all of our customers to be aware of what has happened as soon as possible so that they can increase their vigilance.”
“Optus has also notified key financial institutions about this matter,” she added.