Major Optus cyber-attack drives Australia to begin privacy overhaul

After a significant cyber-attack targeting telecoms firm Optus, Australian Prime Minister, Anthony Albanese announced that he plans to strengthen privacy rules to ensure that banks are notified quickly after a company faces an attack.

Optus said that in recent weeks, a cyber-attack led to the theft of sensitive personal information, including dates of birth, phone numbers, email addresses, physical addresses, information from passports, and information from driver’s licenses. Given that Optus is mandated to keep identity verification information on file for six years, this assault even affected consumers as far back as 2017.

A 2020 review by Australia’s attorney general’s department sought views about whether people should have the right to ask for their personal information to be erased and if victims of breaches should be given increased rights to take legal action against the companies’ responsible for the breach.

Optus has said these changes would incur extremely large costs as well as involve technical hurdles, with the costs of this change far outweighing the benefits. After the recent hacking event, Optus has offered victims access to free credit monitoring and identity protection services for a year.

According to Prime Minister Albanese, the incident served as a significant reminder to companies of the danger posed by cyber-attacks.

“We want to make sure that we change some of the privacy provisions there so that if people are caught up like this, the banks can be let know, so that they can protect their customers as well”, he told radio station 4BC, according to Reuters reporting.

The country’s current cyber-security minister also made note of the fact that businesses would face fines of hundreds of millions of dollars for comparable cyber-attacks in other countries, such as those in the European Union.