Australia Plans Tough Data Protection Laws After Optus Cyberattack

Australia might have powerful new information safety legal guidelines in place this yr in an pressing response to a cyberattack that stole from a telecommunications firm the private information of 9.8 million prospects, the attorney-general stated Thursday.

Attorney-General Mark Dreyfus stated the federal government would make “urgent reforms” to the Privacy Act following the unprecedented hack final week on Optus, Australia’s second-largest wi-fi service.

Dreyfus stated “I think it’s possible” for the legislation to be modified within the 4 remaining weeks that Parliament is scheduled to take a seat this yr.

“I’m going to be looking very hard over the next four weeks at whether or not we can get reforms to the Privacy Act into the Parliament before the end of the year,” Dreyfus told reporters. Parliament next sits on October 25.

Dreyfus said penalties for failing to protect personal data had to be increased so that corporate boards could not dismiss fines as a “cost of doing business.”

The “absolutely huge amounts” of customer data companies held for years would have to be justified under the amended law, Dreyfus said.

“Companies need to look at data storage not as an asset, but as a liability or a potential liability,” Dreyfus said. “For too long we have had companies solely looking at data as an asset that they can use commercially.”

The authorities blames lax cybersecurity at Optus, a subsidiary of Singapore Telecommunications, also referred to as Singtel, for the theft of present and former prospects’ private info.

Singtel apologised in a press release issued Wednesday by its administration saying, “We are deeply sorry to everybody affected by the info theft.”

“Since the incident, our focus has been on supporting Optus’ efforts to help impacted customers and strengthen their security controls,” the assertion stated.

“Information security is of paramount importance to the Singtel Group and a top priority across all of its business units and we invest significant resources to continually strengthen our defenses against emerging threats,” the assertion added.

The information included passport, driver’s licence, and nationwide well being care identification numbers which might be used for identification theft and fraud.

Authorities are vital of Optus’ preliminary failure to reveal that Medicare numbers have been among the many stolen information. That turned obvious Tuesday when the hacker dumped the information of 10,000 prospects on the darkish net — six days after Optus found the cyberattack.

The pressing legislative response is separate from a broader overview of the Privacy Act that started three years in the past. The legislation was handed in 1988 and critics argue it badly must be tailored to the digital age.

Optus might doubtlessly be fined a most AUD 2 million (roughly Rs. 10 crore) for breaching the Privacy Act, the federal government stated.

It might be fined tons of of thousands and thousands of {dollars} over an analogous safety breach below European Union legal guidelines, the federal government stated.

Submissions to the Privacy Act overview have advised penalties for breaches equal to 10% of income from Australian operations.

Optus CEO Kelly Bayer Rosmarin has argued in opposition to elevated fines, telling the Australian Broadcasting Corp. on Tuesday: “Honestly, I’m not sure what penalties benefit anybody.”

Optus maintains it was the goal of a complicated cyberattack that penetrated a number of layers of safety.

After an emergency assembly with banking and client regulators, Financial Services Minister Stephen Jones stated “fraudsters” and “scammers” have been already starting to make use of the stolen information, which incorporates cellphone numbers and electronic mail addresses.

With private info stolen from 38 p.c of Australia’s inhabitants of 26 million within the hack, “you can’t overestimate the impact of this breach on consumer issues,” Jones stated.

He warned compromised Optus prospects in opposition to activating URLs they obtain by textual content or electronic mail as a result of they might be from criminals making an attempt to steal extra info.

“We’re all working as best as we can to try and work our way through the long tail of problems that is going to be a consequence of this massive data breach,” Jones stated.