Australia might have robust new knowledge safety legal guidelines in place this 12 months in an pressing response to a cyberattack that stole from a telecommunications firm the non-public knowledge of 9.8 million prospects, the attorney-general stated Thursday.

Attorney-General Mark Dreyfus stated the federal government would make “urgent reforms” to the Privacy Act following the unprecedented hack final week on Optus, Australia’s second-largest wi-fi service.

Dreyfus stated “I think it’s possible” for the regulation to be modified within the 4 remaining weeks that Parliament is scheduled to sit down this 12 months.

“I’m going to be looking very hard over the next four weeks at whether or not we can get reforms to the Privacy Act into the Parliament before the end of the year,” Dreyfus told reporters. Parliament next sits on October 25.

Dreyfus said penalties for failing to protect personal data had to be increased so that corporate boards could not dismiss fines as a “cost of doing business.”

The “absolutely huge amounts” of customer data companies held for years would have to be justified under the amended law, Dreyfus said.

“Companies need to look at data storage not as an asset, but as a liability or a potential liability,” Dreyfus said. “For too long we have had companies solely looking at data as an asset that they can use commercially.”

The authorities blames lax cybersecurity at Optus, a subsidiary of Singapore Telecommunications, also called Singtel, for the theft of present and former prospects’ private info.

Singtel apologised in an announcement issued Wednesday by its administration saying, “We are deeply sorry to everybody affected by the information theft.”

“Since the incident, our focus has been on supporting Optus’ efforts to help impacted customers and strengthen their security controls,” the assertion stated.

“Information security is of paramount importance to the Singtel Group and a top priority across all of its business units and we invest significant resources to continually strengthen our defenses against emerging threats,” the assertion added.

The knowledge included passport, driver’s licence, and nationwide well being care identification numbers which might be used for identification theft and fraud.

Authorities are vital of Optus’ preliminary failure to reveal that Medicare numbers have been among the many stolen knowledge. That turned obvious Tuesday when the hacker dumped the data of 10,000 prospects on the darkish net — six days after Optus found the cyberattack.

The pressing legislative response is separate from a broader evaluate of the Privacy Act that started three years in the past. The regulation was handed in 1988 and critics argue it badly must be tailored to the digital age.

Optus might doubtlessly be fined a most AUD 2 million (roughly Rs. 10 crore) for breaching the Privacy Act, the federal government stated.

It might be fined tons of of hundreds of thousands of {dollars} over an identical safety breach below European Union legal guidelines, the federal government stated.

Submissions to the Privacy Act evaluate have prompt penalties for breaches equal to 10% of income from Australian operations.

Optus CEO Kelly Bayer Rosmarin has argued towards elevated fines, telling the Australian Broadcasting Corp. on Tuesday: “Honestly, I’m not sure what penalties benefit anybody.”

Optus maintains it was the goal of a classy cyberattack that penetrated a number of layers of safety.

After an emergency assembly with banking and shopper regulators, Financial Services Minister Stephen Jones stated “fraudsters” and “scammers” have been already starting to make use of the stolen knowledge, which incorporates cellphone numbers and e mail addresses.

With private info stolen from 38 % of Australia’s inhabitants of 26 million within the hack, “you can’t overestimate the impact of this breach on consumer issues,” Jones stated.

He warned compromised Optus prospects towards activating URLs they obtain by textual content or e mail as a result of they might be from criminals trying to steal extra info.

“We’re all working as best as we can to try and work our way through the long tail of problems that is going to be a consequence of this massive data breach,” Jones stated.