Australian government slams Singtel's Optus for cyber-security breach

The government urged Optus to speed up its notification to 10,200 customers whose personal information was released. PHOTO: REUTERS

MELBOURNE - The Australian government on Sunday levelled its harshest criticism yet against Optus, the second-biggest telecoms company, for a cyber-security breach that affected the equivalent of 40 per cent of the country's population.

The government blamed Optus, owned by Singtel, for the breach, which affected 10 million accounts, urging the company to speed up its notification to 10,200 customers whose personal information was released in one of the country's biggest cyber-security breaches.

"We should not be in the position that we're in, but Optus has put us here," Home Affairs Minister Clare O'Neil told a televised news conference from Melbourne. "It's really important now that Australians take as many precautions as they can to protect themselves against financial crime."

Optus said on Sunday it was working closely with federal and state government agencies to determine which customers need to take any action but was still seeking further advice on the status of customers whose details had expired.

“We continue to work constructively with governments and their various authorities to reduce the impact on our customers,” an Optus spokesman said in e-mailed comments.

The spokesman did not respond to a question on whether Optus had identified how the breach occurred.

The company ran a full-page apology in major Australian newspapers on Saturday for the "devastating" breach that it first reported on Sept 22. An unidentified person later posted online that they had released personal details of 10,000 Optus customers and would keep doing so daily until they received US$1 million (S$1.4 million).

Australian police's operation to find the person or people behind the breach at Optus is "progressing well", Ms O'Neil said, adding that police would provide an update this week.

However, she said Optus needed to step up its efforts to call, not just e-mail, people whose identification data was released online to let them know they are at risk.

Saying now was "a time for real vigilance for Australians", Ms O'Neil urged those who had been notified to cancel their passports or other identification cards and get fresh identification documents as soon as possible.

Five days after being requested, Optus had not handed over information to the government about customers who had provided their Medicare healthcare cards or other social services information for identification purposes for Optus accounts, said Government Services Minister Bill Shorten.

"We call upon Optus to understand that this breach has introduced systemic problems for 10 million Australians in terms of their personal identification," he told reporters at the joint media conference.

"We know that Optus is trying to do what it can, but having said that, it's not enough," Mr Shorten said. "It's now a matter of protecting Australians' privacy from criminals."

Ms O'Neil said Australia needs to reform its cyber-security laws to give the government stronger powers to respond to cyber-security emergency incidents. REUTERS

Join ST's Telegram channel and get the latest breaking news delivered to you.