Australia plans privacy rule changes after Optus cyber attack
26 September, 2022, 8:00 pm
SYDNEY (Reuters) – Australia plans changes to its privacy rules so that banks can be alerted faster following cyber attacks at companies, Prime Minister Anthony Albanese said on Monday, after hackers targeted Australia’s second-largest telecommunications firm.
Optus, owned by Singapore Telecommunications Ltd, last week revealed databases containing home addresses, drivers licences and passport numbers of up to 10 million customers – about 40% of Australia’s population – were compromised in one of the biggest data breaches in the country.
The company said the attacker’s IP address – the unique identifier of a computer – appeared to move between countries in Europe. It has declined to give details of how the attacker breached its security.
Calling it “a massive breach” and “a huge wake-up call” for the corporate sector, Albanese said there were some state actors and criminal organisations who want to access people’s data.
“We want to make sure … that we change some of the privacy provisions there so that if people are caught up like this, the banks can be let know, so that they can protect their customers as well,” Albanese told radio station 4BC.
The federal government is planning reforms that would require businesses to alert banks in the event customer data is compromised so that lenders can then monitor affected accounts for suspicious activity, Australian media reported.
Cybersecurity Minister Clare O’Neill said over the weekend more details about the changes would be announced by the government “in the coming days”.
Australia has been looking to beef up its cyber defence and in 2020 pledged to spend A$1.66 billion ($1.1 billion) over the decade to fortify network infrastructure of companies and households.
($1 = 1.5309 Australian dollars)
(Reporting by Lewis Jackson and Renju Jose; Editing by Stephen Coates)