Australia will change its privacy rules to allow banks to be notified of data breaches in the corporate world, following a huge leak of personal information from the country’s second-largest telecommunications company.
Speaking on a local radio station Monday, Prime Minister Anthony Albanese said the hack of Optus, the second-largest telecom operator, was a « huge wake-up call » that required reforms to alert financial institutions of cyberattacks and allow them to protect their customers.
Under the planned changes, companies will be required to alert banks of data breaches involving customers so that creditors can monitor their accounts for suspicious activity.
Cybersecurity Minister Clare O’Neill said over the weekend that details of the « steps to be taken in the future » would be announced in the coming days.
Optus revealed last week that the personal data of nearly 10 million users may have been compromised in one of the largest data breaches in Australian history.
The operator, which is owned by Singapore Telecommunications, said the leaked information included names, addresses, birth dates, phone numbers, email addresses, as well as driver’s license and passport numbers.
A self-identified hacker has since posted online messages threatening to expose the information obtained in the leak unless Optus pays a $1 million ransom in crypto-currency.
While Optus has not identified who is behind the cyberattack, the telecommunications company said the attacker’s IP address can be traced to a number of countries in Europe.
Trevor Long, a Sydney-based technology industry analyst, said the proposed reforms don’t go far enough.
« Customers are angry, they’re talking about leaving Optus, and we don’t really know the scale of the problem yet because Optus isn’t releasing numbers » Long told Al Jazeera.
The data breach at Optus is the latest in a series of cyberattacks this month that have hit high-profile companies including Samsung, North Face, American Airlines and Uber.
