On Sunday morning, government officials gathered to criticize Optus for its enormous hacking incident, accusing the firm of not doing enough and of accepting a lackluster apology.
Attorney-General Mark Dreyfus said he had still not received an explanation for Optus’s practice of holding onto sensitive customer information even after those customers left the network.
The hacker obtained data dating back to 2017 from 10 million current or past Optus subscribers.
As that seems to be the situation with Optus storing the highly sensitive data of consumers who had ceased to be clients years ago, Mr. Dreyfus told ABC’s Insiders, “I believe that firms should not preserve information forever.”
I have yet to learn the rationale for what was happening. Such is particularly concerning since Optus failed to protect that information.
Companies, according to Mr. Dreyfus, need to adopt a fresh perspective on personal data.
According to one provision of the Privacy Act, data belonging to Australians may only be used for the purposes for which they were gathered, the man stated.
“If the goal here was to identify someone who is creating an account or receiving a phone from Optus, that’s the end of it,” the man said.
I have argued all week that businesses throughout Australia should stop seeing the personal information about Australians as an advantage and start seeing it as a liability instead.
Dreyfus raised the idea of toughening the laws governing data storage.
This is a wake-up call for business Australia, and we’re going to carefully examine the Privacy Act’s settings, he said.
To try to both toughen sanctions and make firms think harder about why they are holding the personal data of Australians, I may introduce revisions to the Privacy Act before the end of the year.
Optus published a full-page ad in newspapers on Saturday to express its “deep regret” for the data leak, but two government ministers claimed it wasn’t nearly enough on Sunday morning.
Clare O’Neil, minister of cyber security and home affairs, said that Optus had not gone far enough to warn the 10,200 persons whose information the hacker had released online, who were the ones most at danger.
At a press conference, Ms. O’Neil said, “Optus has informed it has notified those folks – an email is just not adequate under these circumstances.”
“We will have to engage in a process of communicating with those 10,200 people personally.”
“Optus has to step up here to ensure people are informed when they are directly at danger, as those folks are,” the author writes.
She said that Optus had neglected to alert the authorities of who and how many people were at danger.
“We would want Optus to be open about the numbers of persons who have had certain identification papers hacked and that information has not yet been disclosed,” the group said.
Services Minister Bill Shorten joined the criticism, stating that his office had written to Optus on September 27 requesting information on all persons whose Medicare cards or other Centrelink information had been taken but had not yet received a response.
11 days have passed since the intrusion, he said.
It is really strange that we are still unable to determine who used their Medicare information number in order to get their information.
We actually needed this days ago; we don’t need it tomorrow or the following day.
While acknowledging the Optus commercial’s apology to consumers, Mr. Shorten insisted that “business as usual” and “motoring around in fourth gear” were insufficient solutions.
An advertisement is neither a strategy or a plan, he said.
“We are requesting that Optus improve its openness.”
“Systemic risk concerning the privacy of (their) information has been pumped into the Australian bloodstream. We know that Optus is attempting to do all it can, but having said that, it’s not enough.”
One taskforce was formed to find the hacker, while the other was formed to assist the 10,000 people whose data had been exposed, according to Ms. O’Neil.
She gave several suggestions in addition to delivering yet another sharp censure to Optus.
Anyone who thinks they were affected by the intrusion or learned of questionable behavior should visit cyber.gov.au to get guidance and file a complaint, she said.
“If you get suspicious emails, don’t click on any links. If you receive suspicious text messages, don’t respond. Even if suspicious phone calls come in from suspicious numbers, don’t answer.
Australians need to exercise extreme caution at this time; Optus should not have placed us in this situation.
Optus said in its advertisement on Saturday that it was “closely collaborating with authorities,” which Ms. O’Neil accepted before calling attention to what the carrier hasn’t done.
We sincerely apologize, it said in the statement.
“We sincerely regret that a hack occurred under our supervision.
We understand how painful this is and how hard it will be for us to earn back your faith. The incident was swiftly stopped, and we are collaborating closely with law enforcement to determine how this invasion of your privacy happened.
Less NSW users may need to update their license numbers due to stricter document verification procedures, it has been revealed.
The investigation into finding the hacker was “progressing well,” according to Ms. O’Neil, and the AFP planned to discuss it next week.
The hacker abruptly backed off mid-week, claiming there were “too many eyes” on them and even apologizing for what they did after threatening to reveal all the data if Optus did not pay a $US1 million ($1.5 million) ransom in seven days.
However, they first made the data of 10,200 individuals public to demonstrate that the danger was real.