The Home Affairs Minister is soon expected to announce several new security measures following the massive Optus data breach that saw hackers steal the personal details of up to 9.8 million Australians.
- Under the changes, banks and other institutions would be informed faster of a similar data breach
- Privacy protections currently prevent banks being immediately told about a cyber breach that’s relevant to their customers
- Many in the telecommunications sector blame regulation, including metadata retention laws, for contributing to the breaches
On Saturday, Clare O’Neil and several of her federal ministerial colleagues met with the Australian Signals Directorate and the Cyber Security Centre to discuss the fallout from the devastating cyber-hack.
Under the changes to be announced in coming days, banks and other institutions would be informed much faster when a data breach occurs at a company like Optus, so personal data can’t be used to access accounts.
The ABC has been told the first step will be to direct Optus to hand over customer data to the banks so financial institutions can upgrade security and monitor customers whose personal details have been stolen.
Privacy protections currently prevent banks being immediately told about a cyber breach that’s relevant to their customers.
On Saturday, Ms O’Neil tweeted a response to the breach, saying changes to the way Australian companies protect customer data were needed.
Across Australia’s telecommunications sector, frustration is growing at the level of federal regulation imposed on the industry, including metadata retention laws, which many blame for contributing to privacy breaches.
“It annoys me that people think Optus and others want this data – it’s necessary for metadata laws – we don’t,” one long-serving telecommunications insider told the ABC.
“People pretend data is gold — it isn’t; it’s uranium – super useful if used correctly and incredibly dangerous to just have laying about.”
Suggestions of further security measures being prepared by the Albanese government have also been received with skepticism.
“[We’re] satisfying regulations on impossible timelines with effectively a network built in the 1990s,” one senior industry figure told the ABC, speaking on the condition of anonymity.
“We don’t even have a publicly verifiable chronology on how the Optus breach happened yet, the investigation isn’t done and yet somehow we’re rushing in laws — not a great plan.
“If this was a plane crash, we would let the investigators determine the cause before we decided what to do about it — that’s why flying is so safe.”