Heimdal Security Blog

Australia Thinking About Tougher Cybersecurity Laws

The Australian government says that it’s considering adopting tougher cybersecurity laws for companies in the telecommunication sector following the recent Optus data breach, where the data of 9.8 million former and current customers was leaked.

Cybersecurity Minister Clare O’Neil told Australian Broadcasting Corp. that the hack was “an unprecedented theft of consumer information in Australian history.”

Optus Data Breach

Optus, the second-largest wireless carrier in Australia, was recently the victim of one of the biggest cybersecurity attacks in the country’s history. The threat actors were able to obtain the details of 9.8 million former and current customers, out of Australia’s population of 26 million.

The company issued an official statement on September 22nd notifying its clients about the breach. The threat actors managed to get hold of various client data, including phone numbers, email addresses, residences, passport numbers, and information from driver’s licenses. Luckily, neither the clients’ financial information nor their account passwords were affected by the breach.

Optus took measures to contain the breach and informed the Australian authorities about the cyber incident as soon as it discovered the problem. Jeremy Kirk, a Sydney-based cybersecurity writer, used an online forum for criminals to ask a user claiming to have downloaded the Optus information how it was accessed. The cause of the breach was apparently an application programming interface, or API (software that allows other systems to communicate and exchange data), that was left open to the public.

Measures Will Be Taken

O’Neil said that in other countries such a breach would result in fines “amounting to hundreds of millions of dollars”, but Australian law doesn’t currently allow for Optus to be fined for the breach.

One significant question is whether the cybersecurity requirements that we place on large telecommunications providers in this country are fit for purpose.

The Minister declared that a “very substantial reform task is going to emerge from a breach of this scale and size.” The Australian Federal Police released a statement reporting that the stolen data had already been sold. The investigators are working with other law enforcement agencies from overseas to determine who was behind the attack. To protect the integrity of the investigation, the AFP declared it will not disclose what information it has been able to obtain so far.
