Australia intends to modify data privacy laws to enable banks to be alerted faster to cyber assaults on corporations, Prime Minister Anthony Albanese said on Monday, following a series of cyber attacks against the country’s second-largest telecommunication company.
Optus, owned by Singapore Telecoms Ltd (STEL.SI), announced last week that home addresses, driver’s licenses, and passport numbers of up to 10 million customers were compromised in one of Australia’s most significant data breaches. This equals approximately 40% of the population.
The company said that the attacker’s IP address, or unique identifier for a computer, appeared to hop across European countries, but it did not explain how security was breached. “It’s a wake-up call for businesses,” Albanese stated. He added that some government agencies and criminal organizations sought access to people’s data.
“We want to make sure … that we change some of the privacy provisions there so that if people are caught up like this, the banks can be let know so that they can protect their customers as well,” he told radio station 4BC.
Cybersecurity Minister Clare O’Neil told parliament she saw a “very substantial” reform task ahead in resolving a legally and technically complex issue.
“One significant question is whether the cyber security requirements that we place on large telecommunications providers in this country are fit for purpose,” she said.
“In other jurisdictions, a data breach of this size would result in fines amounting to hundreds of millions of dollars.”
In an emailed statement, an Optus company spokesperson said they alerted customers whose driving license or passport numbers were stolen. However, they clarified that the data leak did not compromise payment details and account passwords.
Australia has been beefing up its cyber defenses recently and pledged in 2020 to spend A$1.66 billion (US$1.1 billion) over the next decade to strengthen the network infrastructure of firms and homes vulnerable to attack.
