Key Points
- The home affairs minister has criticised Optus over a data breach
- The breach exposed millions of customers' information
Home Affairs Minister Clare O'Neil has launched a scathing attack on Optus in the wake of the
Ms O'Neil said responsibility laid squarely at the feet of the telco giant and that the government was looking at ways to mitigate the fallout.
Optus revealed on Thursday it had been the target of a cyber attack that exposed the personal information of up to 9.8 million Australians, including details such as driver's licence and passport numbers.
"The breach is of a nature that we should not expect to see in a large telecommunications provider in this country," Ms O'Neil told parliament on Monday.
"We expect Optus to continue to do everything they can to support their customers and former customers."
The minister called on the telco to provide free credit monitoring to former and present customers who had their data stolen in the breach.
In a statement released on Monday afternoon, Optus announced it will be providing the most affected current and former customers with a free 12-month credit monitoring subscription to Equifax Protect.
Customers will receive detailed information about the offer in the coming days.
Ms O'Neil said the government was looking to work with financial regulators and the banking sector to see what steps could be taken to protect affected customers.
"One significant question is whether the cyber security requirements we place on large telecommunications providers in this country are fit for purpose," she said.
"In other jurisdictions, a data breach of this size will result in fines amounting to hundreds of millions of dollars."
Prime Minister Anthony Albanese said the Optus data breach was a "huge wake-up call".
As the government prepares to introduce new cybersecurity measures, Mr Albanese said the new protections would mean banks and other institutions would be informed much faster when a breach happened so personal data could not be used.
"We know in today's world there are actors - some state actors but also some criminal organisations - who want to get access to people's data," he told Brisbane radio station 4BC.
Optus said it had sent emails or text messages to all customers who had identification documents compromised in the cyber attack.
Payment details and account passwords have not been compromised.
Opposition introduces ransomware bill
It comes as opposition home affairs spokeswoman Karen Andrews introduced a bill to parliament to crack down on cybercriminals.
The bill includes a new standalone offence for cyber extortion and introduces tougher penalties for those preying on vulnerable Australians online.
Ms Andrews said businesses need guidance on national security matters, slamming the home affairs minister for not having "done the work" to ensure adequate protections are in place.
"There is no reason Labor can't support the ransomware private member's bill I introduced into the house this morning and actually keep Australians safe," she said.
"Delaying implementation by playing political games and finger pointing is not in the best interest of our nation."
Cybercriminals who use ransomware would face 10 years in prison while those targeting the country's critical infrastructure would face a maximum 25 years.
