‘Drawbridge needs to come down’: Federal government says telco still hasn’t provided critical information

The federal government says Optus still has not provided government agencies with the full details of all customers who had Medicare or Centrelink details exposed by the data breach, and has called on the telco to co-operate so they can better protect the records of those affected.

Cybersecurity Minister Clare O’Neil and Government Services Minister Bill Shorten on Sunday said that Services Australia had written to Optus on September 27 asking for the full details of customers who had their Medicare card or Centrelink concession card details exposed.

“To date, there have been no impacted customer details provided by Optus in relation to this request,” the government said in a statement.

“In the face of a breach on an unprecedented scale in Australia, Optus needs to come together with the Australian government to be part of the solution.”

Services Australia needs the information so it can place additional security measures on affected customer records and prevent future fraud, they said.

In the Optus data breach, the names, birthdates, phone numbers, addresses, passport, healthcare and driver’s licence details of 9.8 million Australians were stolen by an anonymous hacker.

O’Neil on Sunday said that Optus needed to communicate clearly to the government exactly what information had been taken regarding specific individuals.

“This will enable us to make sure that those 10 million Australians who have had some of their personal information stolen are not at risk of some type of financial crime or online fraud,” she said.

“This is a security breach that should not have occurred, but what’s really important here is that we row in the same direction and do everything we can to stop financial crime against Australians.

“We urge Optus do everything it can to provide our agencies with the information they need to help us do that.”

O’Neil has opened the door to compelling companies to report data breaches and reconnect services after a hack, declaring the current laws were “bloody useless” in dealing with the Optus attack.

Shorten said Services Australia was ready to help protect customers who had their information compromised, but they needed Optus’ help.

“This shouldn’t be a game of whack-a-mole where we work out what the problem is and then we go to the corporation and say help us stop the problem,” said Shorten. “The drawbridge needs to come down.”

Attorney-General Mark Dreyfus said the Optus hack should serve as “a wake-up call for corporate Australia” and that the telco had failed in its duty to keep customers’ personal information safe.

He promised to introduce tough new privacy laws by the end of this year and urged companies “ to think harder about why they are storing the personal data of Australians”.

“We will look very hard at the settings in the Privacy Act,” he told the ABC’s Insiders on Sunday.
Dreyfus said the act already stated that personal information was only to be used for the purpose for which it had been collected.

“If the purpose here was to identify someone who is opening an account, or getting a phone from Optus, that’s the end of it,” he said.

He repeated his earlier comments that companies should stop treating personal data as an asset and start thinking of it as a liability.

More to come.

Most Viewed in Politics

From our partners

Source: Read Full Article