Australia Could Impose Tougher Data Protection Laws After Huge Cyberattack on Optus

Australia might have an immediate response to the largest data breach in the country.

In an immediate response to a cyberattack that stole the personal data of 9.8 million customers from a telecommunications company, Australia may implement strict new data protection laws this year, according to the attorney general.

As reported by AP, Attorney-General Mark Dreyfus declared that the government would implement "urgent amendments" to the Privacy Act in response to the massive breach involving Optus, Australia's second-largest telecommunications operator, last week.


Amending the Law

Dreyfus claims it is still feasible for the law to be modified in the four weeks Parliament is scheduled to sit for the rest of this year.

Dreyfus also told the AP that stronger sanctions for failing to secure personal data are necessary to stop corporate boards from referring to fines as a "cost of doing business."

According to the attorney general, the amended law would require firms to justify the huge amounts of client data they had stored for years.

The government attributes the massive theft of personal data from current and previous customers to lax cybersecurity measures at Optus, which is a division of Singapore Telecommunications Ltd., or Singtel.

The stolen information includes national health insurance identification numbers, driver's license numbers, and passport numbers that might be exploited for identity theft and fraud.

Officials criticized Optus for not initially revealing the Medicare numbers that were involved in the stolen data. According to AP, this was only made clear on Tuesday, six days after Optus learned about the cyberattack, when the hacker posted the records of 10,000 customers on the dark web.

Rapid Legislative Response

The rapid legislative response stands apart from a more detailed review of the Privacy Act that began three years ago. Critics claim that the law, approved in 1988, needs an urgent update for the digital era.

According to the authorities, Optus could face a fine of up to 2 million Australian dollars ($1.3 million) for violating the Privacy Act.

The company could face fines worth hundreds of millions of dollars for a comparable security lapse under EU regulations, as per the Australian government.

Penalties for violations of the Privacy Act should be 10% of the revenue from Australian activities, according to submissions to the review of the Privacy Act.

Kelly Bayer Rosmarin, CEO of Optus, spoke out against the higher fines on Tuesday, saying that she doesn't understand how the penalties would benefit anybody.

Optus said that it was the victim of a complex cyberattack that got through multiple protection levels.

Financial Services Minister Stephen Jones claimed that "fraudsters" and "scammers" were already making use of the stolen data, which includes phone numbers and email addresses, following an urgent meeting with banks and consumer regulators.

Jones told the AP that the cyberattack's impact could not be overestimated since the stolen data represent 38% of Australia's population of 26 million.

He also advised customers of the hacked Optus not to open URLs they received via text or email because they might be from thieves looking to steal further information.

This article is owned by Tech Times

Written by Joaquin Victor Tacla

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.