AP

Australia mulls tougher cybersecurity laws after data breach

Sep 26, 2022, 12:39 AM | Updated: 6:36 pm

CANBERRA, Australia (AP) — The Australian government said on Monday it is considering tougher cybersecurity rules for telecommunications companies and blamed Optus, the nation’s second-largest wireless carrier, for an unprecedented breach of personal data from 9.8 million customers.

Optus said last Thursday it had become aware the day before of the cyberattack which obtained the details of 9.8 million people — of Australia’s population of 26 million.

Cybersecurity Minister Clare O’Neil told Australian Broadcasting Corp. the hack was an “unprecedented theft of consumer information in Australian history.”

For 2.8 million current and former Optus customers, the breach involved “significant amounts of personal data,” including driver’s licenses and passport numbers, O’Neil said.

Those 2.8 million people are at significant risk of identity left and fraud, she said.

“The breach is of a nature that we should not expect to see in a large telecommunications provider in this country,” O’Neil told Parliament.

In some countries, such a breach would result in fines “amounting to hundreds of millions of dollars,” O’Neil said.

Australian law doesn’t currently allow for Optus to be fined for the breach.

“A very substantial reform task is going to emerge from a breach of this scale and size,” O’Neil said.

“One significant question is whether the cybersecurity requirements that we place on large telecommunications providers in this country are fit for purpose,” she added.

Australian Federal Police said in a statement that reports the stolen data had already been sold were under investigation.

Australian investigators are working with overseas law enforcement agencies to determine who was behind the attack and to help shield the public from identity fraud, the statement said.

“To protect the integrity of the criminal investigation, the AFP will not divulge what information it has obtained in the first few days” of the investigation, police said.

Jeremy Kirk, a Sydney-based cybersecurity writer, said he used an online forum for criminals who trade in stolen data to ask someone who claimed to have downloaded the Optus information how it was accessed.

Optus appeared to have left an application programming interface, a piece of software known as an API that allows other systems to communicate and exchange data, open to the public, she said.

“It looks like it was a failure to secure the software system, so anybody on the internet could find it,” Kirk told Ten Network television.

O’Neil didn’t detail how the breach occurred, but described it as a “quite a basic hack.”

Optus had “effectively left the window open for data of this nature to be stolen,” she said.

O’Neil called on Optus to offer compromised customers free credit monitoring to protect them from identity theft, a request that the Sydney-based company complied with later on Monday.

Optus announced it was offering its “most affected” customers free 12-month subscriptions to Equifax Protect, a credit monitoring and identify protection service.

Optus said the information that had been accessed by an unidentified third party included customers’ names, dates of birth, phone numbers and email addresses.

Police and other government security agencies worked through the weekend to protect affected customers, O’Neil said.

Government agencies were also working with the banking sector to protect customers.

“This is complex. It’s legally and technically complex, but we are working on a solution,” O’Neil said.

Prime Minister Anthony Albanese described the breach as a “huge wake-up call for the corporate sector.”

Albany foreshadowed potential changes to privacy provisions so that banks can move more quickly to protect their own customers after such a breach.

“We know that in today’s world there are actors — some state actors, but also some criminal organizations — who want to get access to people’s data,” Albanese said.

Optus chief executive Kelly Bayer Rosmarin said in a statement last week that, “We are devastated to discover that we have been subject to a cyberattack that has resulted in the disclosure of our customers’ personal information to someone who shouldn’t see it.”

Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

AP

Arizona will not approve new housing construction on the fast-growing edges of metro Phoenix that r...

Associated Press

Arizona Senate passes plan to manage rural groundwater, but final success is uncertain

A plan to manage rural groundwater passed the Arizona Senate amid concerns about the availability of sufficient water for future generations.

1 day ago

A woman pauses while shopping at a Kohl's store in Clifton, N.J., Jan. 26, 2024. On Thursday, Feb. ...

Associated Press

Federal Reserve’s preferred inflation gauge picked up last month in sign of still-elevated prices

An inflation gauge favored by the Federal Reserve increased in January, the latest sign that the slowdown in U.S. consumer price increases is occurring unevenly from month to month.

2 days ago

This undated image provided by Mikel Desmond shows his brother Marcus Tessier, who turned up in Dem...

Associated Press

Missing teen with autism found in New Mexico, about 200 miles away from his Arizona home

A missing teen with autism has been found in New Mexico — about 200 miles away from his home in southern Arizona.

2 days ago

A newly released report on last year’s fatal crash involving a pickup truck and a group of bicycl...

Associated Press

Report suggests steering of vehicle that caused fatal Goodyear bicycle crash worked fine

A new report on last year’s fatal Goodyear bicycle crash has cast doubts about the driver’s claim the vehicle’s steering locked up.

3 days ago

Israeli Embassy...

Associated Press

US airman dies after setting himself ablaze outside Israeli Embassy in Israel-Hamas war protest

An active-duty member of the U.S. Air Force has died after he set himself ablaze outside the Israeli Embassy in Washington, D.C.

5 days ago

Biden and Trump to visit Mexico border Thursday immigration...

Associated Press

Biden and Trump both plan trips to the Mexico border Thursday, dueling for advantage on immigration

President Joe Biden and former President Donald Trump will make dueling trips to the U.S-Mexico border on Thursday.

5 days ago

Sponsored Articles

...

Collins Comfort Masters

Here’s 1 way to ensure your family is drinking safe water

Water is maybe one of the most important resources in our lives, and especially if you have kids, you want them to have access to safe water.

...

Day & Night Air Conditioning, Heating and Plumbing

Day & Night is looking for the oldest AC in the Valley

Does your air conditioner make weird noises or a burning smell when it starts? If so, you may be due for an AC unit replacement.

...

Canvas Annuity

Interest rates may have peaked. Should you buy a CD, high-yield savings account, or a fixed annuity?

Interest rates are the highest they’ve been in decades, and it looks like the Fed has paused hikes. This may be the best time to lock in rates for long-term, low-risk financial products like fixed annuities.

Australia mulls tougher cybersecurity laws after data breach