Australia plans privacy rule changes after Optus cyber attack

SYDNEY: Australia plans to change privacy rules, allowing banks to be alerted faster to cyber attacks on companies, Prime Minister Anthony Albanese said on Monday (Sep 26), after hackers targeted the country's second-largest telecoms firm.

Optus, owned by Singapore Telecommunications (Singtel), said last week that home addresses, drivers' licences and passport numbers of up to 10 million customers, or about 40 per cent of the population, were compromised in one of Australia's biggest data breaches.

The attacker's IP address, or unique identifier of a computer, appeared to move between countries in Europe, the company said, but declined to detail how security was breached.

Albanese called the incident "a huge wake-up call" for the corporate sector, saying there were some state actors and criminal groups who wanted to access people's data.

"We want to make sure ... that we change some of the privacy provisions there so that if people are caught up like this, the banks can know, so that they can protect their customers as well," he told radio station 4BC.

Cybersecurity Minister Clare O'Neil told parliament she saw a "very substantial" reform task ahead in resolving a legally and technically complex issue.

"One significant question is whether the cyber security requirements that we place on large telecommunications providers in this country are fit for purpose," she said.

"In other jurisdictions, a data breach of this size would result in fines amounting to hundreds of millions of dollars."

Optus has alerted customers whose driving licence or passport numbers were stolen, a company spokesperson said in an emailed statement. Payment details and account passwords were not compromised, it added.

Australia has been looking to beef up cyber defences and pledged in 2020 to spend A$1.66 billion (US$1.1 billion) over the decade to strengthen the network infrastructure of firms and homes.