(Reuters) – Australia plans to tighten privacy rules to force companies to notify banks more quickly when they experience cyberattacks, Prime Minister Anthony Albanese said on Monday, after hackers targeted the country’s second-largest telecoms company.
Optus, which is owned by Singapore Telecoms Ltd., said last week that the home addresses, driver’s license and passport numbers of up to 10 million customers, or about 40% of the population, were compromised in one of Australia’s largest data breaches.
The attacker’s IP address, or unique identifier for a computer, appeared to move between countries in Europe, the company said, but declined to specify how security was breached. Australian media reported that an unidentified party had demanded $1million in cryptocurrency for data in an online forum but Optus has not commented on its authenticity.
Albanese called the incident “a huge wake-up call” for the corporate sector and said there were some state actors and criminal groups that wanted to access people’s data.
“We want to make sure … that we change some of the privacy regulations there so that if people get caught like this, the banks can be notified, so they can protect their customers as well,” he told BC radio station 4.
Cybersecurity Minister Clare O’Neil said Optus was responsible for the breach, noting that such lapses in other jurisdictions would be met with hundreds of millions of dollars in fines, an apparent reference to European laws that fine companies 4% of global revenue for privacy breaches. .
“A key question is whether the cyber security requirements that we place on major telecommunications providers in this country are fit for purpose,” O’Neil told parliament.
Optus said it would offer the most affected customers free credit monitoring and identity protection with credit bureau Equifax Inc. for a year. It did not say how many customers the offer applied to.
The telco has now alerted all customers whose driver’s license or passport number was stolen, an email said. Payment details and account passwords have not been compromised, it added.
Australia has sought to strengthen cyber defences, pledging in 2020 to spend A$1.66 billion ($1.1 billion) over the decade to strengthen network infrastructure for businesses and homes.