Australia will overhaul its privacy rules to allow banks to be informed of data breaches in the corporate world, following a huge leak of personal information from the country’s second-biggest telecom.
Speaking on local radio on Monday, Prime Minister Anthony Albanese said the hacking of No 2 telecom Optus was a “huge wake-up call” that necessitated reforms that would alert financial institutions to cyberattacks and allow them to “protect their customers.”
Under the planned changes, businesses would be required to alert banks of data breaches involving customers so that lenders could monitor their accounts for suspicious activity.
Cybersecurity Minister Clare O’Neill said over the weekend that details of what “steps need to be taken in the future” would be announced in the coming days.
Optus disclosed last week that the personal details of up to 10 million users may have been compromised following one of the biggest data breaches in Australian history.
The carrier, which is owned by Singapore Telecommunications, has said the compromised information includes names, addresses, dates of birth, phone numbers, email addresses, and driver’s licence and passport numbers.
A self-identified hacker has since posted messages online threatening to expose information obtained in the leak unless Optus pays a ransom of $1m in cryptocurrency.
Although Optus has not identified who is behind the cyberattack, the telecom has said the attacker’s IP address can be traced to a number of countries in Europe.
Trevor Long, a technology industry analyst based in Sydney, said the proposed reforms did not go far enough.
“Customers are angry, they are talking about leaving Optus, and we still don’t truly know the size of the issue as Optus are not releasing numbers,” Long told Al Jazeera.
“The government needs to put in place a simple credit-blocking mechanism for people to use to turn off the ability for credit to be applied for under their name. Turn it on when you want a loan or credit card, turn it off when you don’t. That off switch effectively cuts off any fraudsters at the first hurdle.”
The data breach at Optus is the latest in a string of cyberattacks this month involving leading companies, including Samsung, North Face, American Airlines and Uber.