Home Affairs Minister Clare O'Neil has called on Australian telecommunication giant Optus to take responsibility for the recent massive data breach and provide free credit monitoring to millions of customers impacted.
She noted that a security breach of this size shouldn’t be expected in a large telco provider and said that it will “result in fines amounting to hundreds of millions of dollars” in other jurisdictions.
O'Neil, who introduced new cyber security protections on Monday, said the government is working with the telco giant, the federal police, the Australian Cyber Security Centre, the competition watchdog and the financial regulator to mitigate the breach’s fallout.
Optus revealed on Sep. 22 that cybercriminals have illegally accessed the personal records of 9.8 million Australians, including details such as driver’s licence, passport numbers, email addresses and physical addresses. With about 40 percent of Australia’s population victimised, the data breach is considered one of the biggest of its kind in the country’s history.
The company has alerted and apologised to customers over the incident, but the home affairs minister said it should do more.
“The breach is of a nature that we should not expect to see in a large telecommunications provider in this country,” the minister told parliament on Monday.
“We expect Optus to continue to do everything they can to support their customers and former customers.
“One way they can do this is providing free credit monitoring to impacted customers. This will help protect those customers from identity theft, and I call on Optus to make that commitment today ... The most affected customers will be receiving direct communications from Optus over the coming days on how to start their subscription at no cost.”
“Put yourself into the shoes of an Optus customer. You might be one of the member of Gilmore’s constituents living in Bateman Bay; you might be a pensioner whose information has been stolen.”
Meanwhile, Optus will also potentially face a class action filed by law firm Slater and Gordon on behalf of customers affected by the cyber attack.
“This is potentially the most serious privacy breach in Australian history, both in terms of the number of people affected and the nature of the information disclosed,” class action senior associate Ben Zocco said.
“We consider that the consequences could be particularly serious for vulnerable members of society, such as domestic violence survivors, victims of stalking and other threatening behaviour, and people who are seeking or have previously sought asylum in Australia.”Government to Crack Down on Cyber Hackers
In a bid to ramp up cyber security requirements, the government has unveiled
a new bill that will see
people committing ransomware attacks and extorting victims of unauthorised access be sentenced to up to 10 years in prison. Cybercriminals targeting critical infrastructure assets will face up to 25 years, while those obtaining data by unauthorised access or modification will be imprisoned for five years.
Clare O’Neil told parliament that the bill “hits the cybercriminals where it hurts the most, and that’s in their hip pocket.”
Prime Minister Anthony Albanese called the incident a “huge wake-up call for the corporate sector” in terms of protecting data.
The Australian on Monday reported that a person claiming to have launched the cyber ransom has demanded Optus to pay $1 million in the cryptocurrency Monero within one week before selling it to the dark web. “Optus if you are reading! Price for us to not sale (sic) data is 1.000.000$US! We give you 1 week to decide,” the user wrote on data leak website breachForums.
“Buyers, price for users data 150.000$US. Price for addresses data 200.000$US. Together 300.000$US. Exclusive sale cost 1.000.000$US total. No sale will be made for 1 week until Optus reply.”
Friends Read Free