Government announces new cybersecurity laws and increased fines after Optus breach

The Albanese government will pursue ‘very substantial’ reforms in the wake of the massive Optus data breach, including increasing penalties under the Privacy Law, which are currently capped at $2.2 million.

As the government signals it will push through legislative changes, hundreds of officials from the Australian Signals Directorate, the Australian Center for Cyber Security and the Australian Federal Police have been deployed to help manage the fallout from the data breach, with the government also working with banks to prevent further fraud.

Home Secretary Clare O’Neil said she would consider new cybersecurity laws to prevent similar breaches. The Optus attack affected up to 10 million customers, including 2.8 million people whose license or passport number was leaked.

O’Neil told parliament on Monday that in other jurisdictions a data breach of this magnitude “would result in fines amounting to hundreds of millions of dollars”.

“I really hope that this task of reform is something that we can work on collaboratively in parliament,” she said.

On ABC at 7:30 a.m., O’Neil added that the current level of penalties — a maximum of just over $2 million — was “totally inappropriate.”

The minister said the government would review the cybersecurity requirements currently imposed on major telecom providers to see if they were fit for purpose.

She also suggested the government was looking at ways to ensure the passport and license details of the 2.8 million customers affected could be flagged to provide additional protection against identity theft.

O’Neil told ABC Melbourne that the data breach was caused by a “very significant error on the part of Optus” because the cyber hack “was not particularly difficult technologically”.

“One of the big disappointments for me as cybersecurity minister is that…a telecommunications company left open a vulnerability of this size.

“The Albanese government is incredibly angry…and we need to do everything we can to help these Australians protect themselves.”

O’Neil said “at this stage” the government does not have the ability to fine Optus, but it would consider legislating such powers following the incident.

She noted that she had the power to set ‘minimum cybersecurity standards for many sectors of the economy, but not for telecom operators’ because they had lobbied to be excluded from the laws, citing their superior defenses. The minister said these were “not demonstrated” by the data breach.

Shadow Home Secretary Karen Andrews said the opposition was ready to consider a new regime that would impose heavy fines of up to hundreds of millions of dollars.

“I’m happy to look into it and see if it’s something that’s too late to impact Optus, which I suspect, and also whether or not it will be a deterrent and what the impact of that?” Andrews told the ABC.

Consumer group Digital Rights Watch said the breach highlighted the danger of collecting and storing large amounts of personal information and called for changes to privacy law.

“We need privacy laws that ensure companies only collect and store the minimum amount of personal information, and that there are tough penalties when they collect more than they need, given the risk it creates for those involved,” the group said in a statement.
