Government accuses Optus of dragging its heels handing over requested hack data
Bill Shorten says Optus is keeping the government for requested data and information. Photo: TND
Optus is yet to provide government agencies with information about affected customers following a massive data breach potentially impacting millions of Australians.
In a statement on Sunday, the Albanese government called on the telco to help it protect those affected from fraud.
Services Australia wrote to Optus on Tuesday asking for the full details of all customers who had their Medicare cards or Centrelink Concession Cards compromised in the hack in order to bolster security measures.
Cyber Security Minister Clare O’Neil said Optus needed to be up-front about what data had been taken for individuals.
The telecommunications giant had not responded to the request, the government said.
“This is a security breach that should not have occurred, but what’s really important here is that we row in the same direction and do everything we can to stop financial crime against Australians,” Ms O’Neal said.
Still waiting for Optus
Government Services Minister Bill Shorten said Services Australia was ready to act but needed the information held by Optus.
It remains unclear how many of the almost 10 million Optus customers impacted by the hack had their identity details stolen, however it has since been confirmed at least 10,000 parcels of ID data were put on the dark web.
The private information exposed included names, birth dates, phone numbers and addresses, as well as passport, Medicare and driver’s licence numbers.
Earlier, Attorney-General Mark Dreyfus said he would review Australia’s privacy laws and could bring in boosted protections by the end of the year.
“Companies throughout Australia should stop regarding all of this personal data as an asset for them, they should actually think of it as a liability,” Mr Dreyfus told ABC’s Insiders on Sunday.
Why hold personal data?
Mr Dreyfus said he had not heard a sufficient reason as to why companies were retaining the amount of personal data they currently were and that Optus had failed to keep user information safe.
“This is a wake-up call for corporate Australia,” he said.
“I may be bringing reforms to the Privacy Act before the end of the year to try and toughen penalties and make companies think hard about why they are storing the personal data of Australians.”
The federal government has blasted Optus’s handling of the breach, saying it was a basic hack that had exposed millions of Australians to possible identity theft.
Optus boss Kelly Bayer Rosmarin has apologised to customers but is resisting calls to go.
Opposition cyber security spokesman James Paterson said the coalition would be open to bigger fines for breaches of the Privacy Act.
“We do want to make sure that major companies in Australia are taking this very seriously,” he told Sky News on Sunday.
Ms O’Neil has been heavily critical of Optus and turned her sights to the former government, describing laws designed to protect Australia’s critical infrastructure from cyber attack as “bloody useless”.
She told Nine newspapers that Australia’s laws meant the government could step in during a cyber attack but was relatively powerless once it was over.
Mr Paterson flagged support for any changes that may be necessary if there was evidence to support them.