Australia mulls tougher cybersecurity laws after data breach

Sep 26, 2022, 12:39 AM | Updated: 6:36 pm
FILE - A customer waits for service at a Optus phone store in Sydney, Australia, Thursday, Oct. 7, ...

FILE - A customer waits for service at a Optus phone store in Sydney, Australia, Thursday, Oct. 7, 2021. The Australian government said on Monday, Sept. 26, 2022, it was considering tougher cybersecurity rules for telecommunications companies after Optus, the nation’s second-largest wireless carrier, reported personal data of 9.8 million customers had been breached. (AP Photo/Mark Baker, File)

(AP Photo/Mark Baker, File)

CANBERRA, Australia (AP) — The Australian government said on Monday it is considering tougher cybersecurity rules for telecommunications companies and blamed Optus, the nation’s second-largest wireless carrier, for an unprecedented breach of personal data from 9.8 million customers.

Optus said last Thursday it had become aware the day before of the cyberattack which obtained the details of 9.8 million people — of Australia’s population of 26 million.

Cybersecurity Minister Clare O’Neil told Australian Broadcasting Corp. the hack was an “unprecedented theft of consumer information in Australian history.”

For 2.8 million current and former Optus customers, the breach involved “significant amounts of personal data,” including driver’s licenses and passport numbers, O’Neil said.

Those 2.8 million people are at significant risk of identity left and fraud, she said.

“The breach is of a nature that we should not expect to see in a large telecommunications provider in this country,” O’Neil told Parliament.

In some countries, such a breach would result in fines “amounting to hundreds of millions of dollars,” O’Neil said.

Australian law doesn’t currently allow for Optus to be fined for the breach.

“A very substantial reform task is going to emerge from a breach of this scale and size,” O’Neil said.

“One significant question is whether the cybersecurity requirements that we place on large telecommunications providers in this country are fit for purpose,” she added.

Australian Federal Police said in a statement that reports the stolen data had already been sold were under investigation.

Australian investigators are working with overseas law enforcement agencies to determine who was behind the attack and to help shield the public from identity fraud, the statement said.

“To protect the integrity of the criminal investigation, the AFP will not divulge what information it has obtained in the first few days” of the investigation, police said.

Jeremy Kirk, a Sydney-based cybersecurity writer, said he used an online forum for criminals who trade in stolen data to ask someone who claimed to have downloaded the Optus information how it was accessed.

Optus appeared to have left an application programming interface, a piece of software known as an API that allows other systems to communicate and exchange data, open to the public, she said.

“It looks like it was a failure to secure the software system, so anybody on the internet could find it,” Kirk told Ten Network television.

O’Neil didn’t detail how the breach occurred, but described it as a “quite a basic hack.”

Optus had “effectively left the window open for data of this nature to be stolen,” she said.

O’Neil called on Optus to offer compromised customers free credit monitoring to protect them from identity theft, a request that the Sydney-based company complied with later on Monday.

Optus announced it was offering its “most affected” customers free 12-month subscriptions to Equifax Protect, a credit monitoring and identify protection service.

Optus said the information that had been accessed by an unidentified third party included customers’ names, dates of birth, phone numbers and email addresses.

Police and other government security agencies worked through the weekend to protect affected customers, O’Neil said.

Government agencies were also working with the banking sector to protect customers.

“This is complex. It’s legally and technically complex, but we are working on a solution,” O’Neil said.

Prime Minister Anthony Albanese described the breach as a “huge wake-up call for the corporate sector.”

Albany foreshadowed potential changes to privacy provisions so that banks can move more quickly to protect their own customers after such a breach.

“We know that in today’s world there are actors — some state actors, but also some criminal organizations — who want to get access to people’s data,” Albanese said.

Optus chief executive Kelly Bayer Rosmarin said in a statement last week that, “We are devastated to discover that we have been subject to a cyberattack that has resulted in the disclosure of our customers’ personal information to someone who shouldn’t see it.”

Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

AP

FILE - Hiring sign is displayed outside of a retail store in Vernon Hills, Ill., Saturday, Nov. 13,...
Associated Press

Applications for jobless benefits declined last week

WASHINGTON (AP) — The number of Americans applying for unemployment benefits came back down last week, hovering near levels suggesting the U.S. labor market has been largely unaffected by the Federal Reserve’s aggressive interest rate hikes. Applications for jobless aid fell to 225,000 for the week ending Nov. 26, a decline of 16,000 from the […]
7 hours ago
FILE - Signs advertise deals and low prices at a Walmart in Secaucus, N.J., Tuesday, Nov. 22, 2022....
Associated Press

An inflation gauge tracked by the Fed slows to still-high 6%

WASHINGTON (AP) — A measure of inflation that is closely monitored by the Federal Reserve eased but remained at an elevated level in October, likely reinforcing the Fed’s intent to keep raising interest rates to cool the economy and slow the acceleration of prices. Thursday’s report from the Commerce Department showed that prices rose 6% […]
7 hours ago
FILE - In this Sept. 26, 2015 file photo, Juventus President Andrea Agnelli arrives for a Serie A s...
Associated Press

Indictments requested for Agnelli and others in Juve scandal

TURIN, Italy (AP) — The Turin prosecutor’s office has requested indictments of former Juventus president Andrea Agnelli, 10 other former board members, and the club following an investigation into alleged false accounting. Former vice-president Pavel Nedved and CEO Maurizio Arrivabene — who left the club on Monday when Agnelli and the entire board of directors […]
7 hours ago
Associated Press

German parliament votes to approve EU-Canada trade pact

BERLIN (AP) — German lawmakers on Thursday approved a free-trade deal between the European Union and Canada, moving the accord a step closer to taking full effect. The pact, formally known as the Comprehensive Economic and Trade Agreement, or CETA, was signed in late 2016. Most of its terms have been implemented provisionally since 2017, […]
7 hours ago
Associated Press

Fed matches year of hot inflation with feverish rate hikes

NEW YORK (AP) — Wall Street expects the impact of the Federal Reserve’s most aggressive year of interest rate hikes in at least three decades to continue to be felt through next year. The central bank’s plan to fight stubbornly high prices on everything from food to clothing has been the central focus for Wall […]
7 hours ago
FILE - Jamie Lee Curtis appears at the Governors Awards in Los Angeles on Nov. 19, 2022. Curtis is ...
Associated Press

Jamie Lee Curtis to receive AARP Career Achievement Award

LOS ANGELES (AP) — “Scream Queen” Jamie Lee Curtis will be this year’s recipient of AARP The Magazine’s Movies for Grownups Awards career achievement honor. Curtis will receive the honor at the AARP’s annual Best Movies and TV for Grownups ceremony, the group announced Thursday. Alan Cumming returns to host the ceremony, which will be […]
7 hours ago

Sponsored Articles

...
Quantum Fiber

How high-speed fiber internet edges out cable for everyday use

In a world where technology drives so much of our daily lives, a lack of high-speed internet can be a major issue.
...
Children’s Cancer Network

Children’s Cancer Network celebrates cancer-fighting superheroes, raises funds during September’s Childhood Cancer Awareness Month

Jace Hyduchak was like most other kids in his kindergarten class: He loved to play basketball, dress up like his favorite superheroes and jump as high as his pint-sized body would take him on his backyard trampoline.
...
SCHWARTZ LASER EYE CENTER

Key dates for Arizona sports fans to look forward to this fall

Fall brings new beginnings in different ways for Arizona’s professional sports teams like the Cardinals and Coyotes.
Australia mulls tougher cybersecurity laws after data breach