Heimdal
article featured image

Contents:

The Australian government says that it’s considering adopting tougher cybersecurity laws for companies in the telecommunication sector following the recent Optus data breach, where the data of 9.8 million former and current customers was leaked.

Cybersecurity Minister Clare O’Neil told Australian Broadcasting Corp. that the hack was “an unprecedented theft of consumer information in Australian history.”

Optus Data Breach

Optus, the second-largest wireless carrier in Australia, was recently the victim of one of the biggest cybersecurity attacks in the country’s history. The threat actors were able to obtain the details of 9.8 million former and current customers, out of Australia’s population of 26 million.

The company issued an official statement on September 22nd notifying its clients about the breach. The threat actors managed to get a hold of various client data including phone numbers, email addresses, residences, passport numbers, and information from driver’s licenses. Luckily, the clients’ financial information or account passwords were not affected by the breach.

Optus took measures to contain the breach and informed the Australian authorities about the cyber incident as soon as they discovered the problem. Jeremy Kirk, a Sydney-based cybersecurity writer, used an online forum for criminals to ask a user claiming to have downloaded the Optus information how it was accessed. The cause of the breach was apparently an application programming interface (a piece of software known as an API that allows other systems to communicate and exchange data) left open to the public.

Measures Will Be Taken

O’Neil said that in other countries such a breach will result in fines “amounting to hundreds of millions of dollars”, but the Australian law doesn’t currently allow for Optus to be fined for the breach.

One significant question is whether the cybersecurity requirements that we place on large telecommunications providers in this country are fit for purpose.

Source

The Minister declared that a “very substantial reform task is going to emerge from a breach of this scale and size.”. The Australian Federal Police released a statement reporting that the stolen data had already been sold. The investigators are working with other law enforcement agencies from overseas to determine who was behind the attack. To protect the integrity of the investigation, the AFP declared it will not disclose what information they were able to obtain so far.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.

Author Profile

Cristian Neagu

CONTENT EDITOR

linkedin icon

Cristian is a Content Editor & Creator at Heimdal®, where he developed a deep understanding of the digital threat landscape. His style resonates with both technical and non-technical readers, proof being in his skill of communicating cybersecurity norms effectively, in an easy-to-understand manner.

Leave a Reply

Your email address will not be published. Required fields are marked *

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE