Get all your news in one place.
100’s of premium titles.
One app.
Start reading
ABC News
ABC News
Business
political reporter Stephanie Dalzell

Federal government calls on Optus to 'step up' handling of cyber-attack, says telco has yet to provide critical information

The federal government has called on Optus to "step up" its handling of the major data breach, saying it still has not provided government agencies with critical information about customers who had their Medicare or Centrelink details exposed.

The cyber attack occurred almost a fortnight ago, with the names, birthdates, phone numbers, healthcare and passport details of up to 9.8 million Australians potentially compromised.

Government Services Minister Bill Shorten said Services Australia wrote to Optus on September 27, asking for the full details of all affected customers whose Medicare and Centrelink details were leaked.

But he said in the five days since that request, Optus has failed to hand over that data to the government.

"The drawbridge needs to come down," he said.

"We know that Optus is trying to do what they can, but having said that, it's not enough.

"It's been 11 days since the breach — it is peculiar that we still can't identify who for example used their Medicare information — their number — to be able to get identification."

The government said Services Australia would use the information to place additional security measures on the records of affected customers.

"We need this not tomorrow or the next day, we really needed it days ago," Mr Shorten said.

"We want to protect Australians' information that's held by government, we want to prevent further fraud and we seek Optus to step up its communication and transparency with government."

Cyber Security Minister Clare O'Neil also criticised Optus for only contacting the 10,200 people whose data was leaked online by email.

"It is crucial everyone who has been affected by this breach is properly notified of that," she said.

"An email is simply not sufficient under these circumstances," she said.

In a statement, Optus said the company was working "very closely" with federal, state and territory agencies to "determine which customers are required to take any action".

"We continue to seek further advice on the status of customers whose details have since expired," Optus said.

"Once we receive that information, we can notify those customers.

"We continue to work constructively with governments and their various authorities to reduce the impact on our customers."

Coalition's critical infrastructure laws 'useless'

Ms O'Neil, who is also home affairs minister, also criticised the former Coalition government's 2018 laws designed to protect critical infrastructure.

"The instructions on the label told me that these laws were going to provide me with all of the powers that I would need in a cyber security emergency incident, to make sure we can repair the damage," she said.

"I can tell you those laws were absolutely useless to me when the Optus matter came on foot.

"We do not have the right laws in this country to manage cyber security emergency incidents, and this is something we are going to need to look at."

Shadow Cyber Security Minister James Paterson said the Coalition was open to discussing changes to both those laws and telecommunications security legislation.

"If the government believes that new evidence has come forward during the Optus attack and that changes to either of those acts is necessary to make them even stronger, well the opposition will be very constructive and bipartisan about that of course," he told Sky News.

"We'll support any sensible changes that the government brings forward."

Earlier, Attorney-General Mark Dreyfus told the ABC's Insiders he would review Australia's privacy laws to stop companies retaining a large amount of personal data for a long time.

"Companies throughout Australia should stop regarding all of this personal data of Australians as an asset for them, they actually should think of it as a liability," he said.

"This is a wakeup call."

Senator Paterson said while he believed Optus would be up for millions of dollars of fines under the Privacy Act, the Opposition would also be open to increased fines for breaches.

"We do want to make sure that major companies in Australia are taking this very seriously because they do have a very important responsibility to their customers" he told Sky News.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.