Australian government unveils law to protect data after Optus breach
The Australian government has announced changes to its consumer privacy rules to protect exposed customers whose personal data was stolen on Thursday in a major cyberattack on the country’s second-largest mobile operator.
Changes to consumer privacy regulations allow Optus and other service providers to coordinate better with financial institutions and government to detect and mitigate the risk of cybersecurity incidents, scams, fraud and other malicious cyber activities, according to officials from the Department of Communications.
The new regulations aim to reduce the impact of the data breach on Optus customers and allow financial institutions to implement enhanced safeguards and monitoring, officials for the communications minister said.
Australia’s biggest data breach
Stolen personal data has been rearranged from one in three Australians. The breach, committed through an anonymous online account, affected 40% of the country’s population.
The data breach also affected expired identifications and personal information of one million customers. Optus also explained that, for more than 8 million customers, the leaked information does not contain any valid or existing document identification numbers.
On September 21, Optus communications, owned by Singapore Telecommunications Limited, lost the records of more than 10 million current and former customers, including national healthcare identification numbers, driving licenses and passports, officials added.
Australian government changes privacy law through parliament
The Australian government can make changes to telecommunications regulations without a recommendation to parliament.
However, the Australian government plans to pass the Privacy Act amendments sent to parliament in the last four weeks of parliamentary sittings of 2022 following the Optus breach.
Optus addressed its customers through advertisements in Australian newspapers on October 1 with the message ‘we are deeply sorry’.
The advertisement also gives information about cyberattacks by including a link to the Optus website. On the website, customers can follow certain instructions to prevent fraud and identity theft.
Recent changes allow high penalties for businesses
Regulatory changes include increased penalties for companies neglecting cybersecurity protections, in addition to restrictions on the amounts and types of customer data companies can collect and how long personal information can be retained.
In September, the breach was considered the biggest data breach in Australia, with more than 10 million data thefts recorded.
The Australian government will propose to the Governor-General to authorize changes to privacy regulations, Australian government officials said.
The proposed changes will also enable increased cyber detection in the wider financial services industry. Detection works through current industry mechanisms for reporting deceptive transactions, such as fraudulent information exchanges.
The Australian government will not reveal details of financial institutions that obtain information from Optus for data security reasons, officials said.
Australian sectors are on high alert after Optus breach
According to the Treasurer, financial institutions must destroy information that is no longer necessary. The information may be used only for the primary purpose of verifying or responding to cybersecurity incidents, scams, fraud or identity theft.
Australian government sectors, financial institutions and telecommunications sectors have been on high alert since the cyberattack at Optus, the Treasurer added.
The attack highlighted changes to privacy rules to help financial institutions take immediate action to prevent fraudulent transactions.
The Australian government criticized Optus for describing the attack as advanced and for the delay in updating affected customers.
The government also believes the breach at Optus was due to a fundamental security flaw.