Australia plans to change privacy rules after huge cyber attack on Optus

Optus last week revealed databases containing up to 10 million customers' information were compromised.

SYDNEY - Australia plans to change privacy rules, allowing banks to be alerted faster to cyber attacks on companies, Prime Minister Anthony Albanese said on Monday, after hackers targeted the country’s second-largest telecoms firm.

Optus, owned by Singapore Telecommunications, last week revealed databases containing home addresses, drivers licences and passport numbers of up to 10 million customers - about 40 per cent of Australia's population - were compromised in one of the biggest data breaches in the country.

The attacker’s IP address, or unique identifier of a computer, appeared to move between countries in Europe, the company said, but declined to detail how security was breached. 

Australian media reported an unidentified party had demanded US$1 million (S$1.44 million) in cryptocurrency for the data in an online forum but Optus has not commented on its authenticity

Mr Albanese called the incident “a huge wake-up call” for the corporate sector, saying there were some state actors and criminal groups who wanted to access people’s data.  

“We want to make sure ... that we change some of the privacy provisions there so that if people are caught up like this, the banks can be let know, so that they can protect their customers as well,” he told radio station 4BC.  

Cybersecurity Minister Clare O’Neil said Optus was responsible for the breach and noted such lapses in other jurisdictions would be met with fines in the hundreds of millions of dollars, an apparent reference to European laws that penalise companies 4 per cent of global revenue for privacy breaches.

“One significant question is whether the cyber security requirements that we place on large telecommunications providers in this country are fit for purpose,” Ms O’Neil told Parliament.  

Optus said it would offer the most affected customers free credit monitoring and identity protection with credit agency Equifax Inc for a year. It did not say how many customers the offer applied to.  

The telco has now alerted all customers whose driving licences or passport numbers were stolen, it said in an emailed statement. Payment details and account passwords were not compromised, it added.

Australia has been looking to beef up cyber defences and pledged in 2020 to spend A$1.66 billion (S$1.55 billion) over the decade to strengthen the network infrastructure of firms and homes. REUTERS

Join ST's Telegram channel and get the latest breaking news delivered to you.