Federal government to present new security measures after massive Optus data breach
The Home Secretary is expected to soon announce several new security measures following the massive Optus data breach in which hackers stole the personal information of up to 9.8 million Australians.
- As part of the changes, banks and other institutions would be notified more quickly of a similar data breach
- Data protection currently prevents banks from being immediately notified of a cyber breach relevant to their customers
- Many in the telecom sector blame regulation, including metadata retention laws, for contributing to the breaches
On Saturday, Clare O’Neil and several of her fellow federal ministers met with the Australian Signals Directorate and the Cyber Security Centre to discuss the aftermath of the devastating cyber hack.
Under the changes, which will be announced in the coming days, banks and other institutions would be notified much more quickly if a data breach occurs at a company like Optus, preventing personal information from being used to access accounts.
The ABC has been told the first step is to order Optus to hand over customer data to the banks so financial institutions can improve security and monitor customers whose personal information has been stolen.
Data protection currently prevents banks from being immediately notified of a cyber breach relevant to their customers.
On Saturday, Ms O’Neil tweeted a response to the breach, saying changes were needed to the way Australian companies protect customer data.
There is growing frustration across Australia’s telecoms sector over federal regulations being imposed on the industry, including metadata retention laws, which many have accused of contributing to data breaches.
“It annoys me that people think Optus and others want this data – it’s necessary for metadata laws – we don’t,” a longtime telecoms insider told the ABC.
“People act like data is gold – it’s not; it’s uranium – super useful when used properly, and incredibly dangerous if left lying around.”
Suggestions for further security measures being prepared by the Albanese government were met with skepticism.
“[We’re] regulations on impossible deadlines with a network built in the 1990s,” a senior industry figure told the ABC on condition of anonymity.
“We don’t even have a publicly verifiable chronology of how the Optus breach occurred, the investigation is ongoing, and yet we’re rushing legislation – not a great plan.
“If this was a plane crash, we would let investigators determine the cause before deciding what to do about it — that’s why flying is so safe.”