>
Government ministers lined up Sunday morning to sue Optus over the massive hacking scandal, criticizing the company for not doing enough and saying ‘sorry’ isn’t good enough.
Attorney General Mark Dreyfus said he had not yet received an explanation as to why Optus was hoarding people’s sensitive personal information even after they left the telco.
The data stolen by the hacker came from 10 million current or former Optus customers and dates back to 2017.
Attorney General Mark Dreyfus said Optus hadn’t answered the question of why it kept customer information for so long
“I don’t think companies should keep information forever, as seems to be the case with Optus which keeps the very personal data of customers who were no longer customers years ago,” Dreyfus told ABC’s Insiders.
“I haven’t heard a reason why that was so. This is especially a concern because Optus has not kept that information safe.’
Dreyfus said companies need a new mindset when it comes to personal data.
“One of the settings in the privacy law is that information owned by Australians should only be used for the purpose for which it was collected,” he said.
“If the goal here was to identify someone who opened an account or got a phone from Optus, that’s the end.”
“I’ve been saying all week that companies across Australia should stop seeing all this Australian personal data as an asset to them, they should really see it as an obligation.”
Mr Dreyfus has indicated that he will tighten the rules around the time companies are allowed to keep private data
Dreyfus noted that the rules around data storage are being tightened.
“This is a wake-up call for corporate Australia and we are going to look very hard at the settings in the Privacy Act,” he said.
“Maybe I’ll spend reforms to the Privacy Act before the end of the year to try to toughen the penalties and get companies to think harder about why they’re storing Australians’ personal data.”
Optus ran a full-page ad in newspapers on Saturday to say it “deeply regretted the data breach”, but on Sunday morning two ministers said it was not nearly enough.
Optus ran a full-page ad apologizing to its millions of customers whose personal information was stolen in the country’s largest-ever data breach
Cyber Security and Home Affairs Secretary Clare O’Neil said Optus had not done enough to warn those most at risk, the 10,200 people whose data had been leaked online by the hacker.
“Optus has advised that it has told those people – an email just isn’t enough under these circumstances,” Ms O’Neil told a media conference.
“We will have to go through a process to speak directly to those 10,200 people.
‘Optus must take the lead here to ensure that people know immediately when they are at immediate risk, as those people are.’
She said Optus had not provided the government with information about who and how much were at risk.
“We would like Optus to be transparent about the number of people whose IDs have been compromised and that information has not yet been provided.”
The criticism was echoed by Services Secretary Bill Shorten, who said his department had written to Optus on Sept. 27 asking for details about all those whose Medicare numbers or other Centrelink information had been stolen, but so far no response. had gotten.
“It’s been 11 days since the break-in,” he said.
“It’s very curious that we still can’t identify who had their Medicare information number to get their information.
“We don’t need this tomorrow or the day after, we really needed it days ago.”
Bill Shorten reprimanded Optus for taking nearly two weeks to notify the government of the exact information stolen from its systems
Mr Shorten acknowledged the Optus ad apologizing to customers but said ‘business as usual’ and ‘riding in fourth gear’ was not enough.
“An ad is not a strategy, an ad is not a plan,” he said.
‘We ask Optus to improve their transparency.
‘System risk has been injected into the Australian bloodstream over the privacy of (their) information. We know Optus is trying to do what it can, but it’s not enough.”
Ms. O’Neil said two federal police task forces had been set up to investigate the incident, one to catch the hacker and the other to help the 10,000 whose data had been leaked.
She gave some advice and gave Optus another stinging reprimand.
“Anyone who believes they are involved in the hack or becomes aware of untrustworthy behavior can go to cyber.gov.au and seek advice and report it,” she said.
“If you see untrustworthy emails coming in, don’t click on links, if you get text messages that look strange don’t answer, even if you get calls from numbers that look untrustworthy, don’t answer. phone.
“This is a time for real vigilance for Australians, we shouldn’t be in the position we are in, but Optus has put us here.”
In Saturday’s ad, Optus said it was “working closely with authorities, something Ms O’Neil acknowledged before highlighting what the telco has failed to do.”
Home Secretary Clare O’Neil said Optus hadn’t done enough to warn those most at risk after the hack
“We are very sorry,” was the apology.
“We are deeply sorry that a cyber attack has taken place on our watch.
“We know this is devastating and we need to work hard to regain your trust. The attack was quickly stopped and we are working closely with the authorities to understand how this attack on your privacy took place.”
The apology comes as it has been revealed that fewer NSW customers will have to change their license numbers due to stricter document verification standards.
Ms O’Neil said the investigation into catching the hacker is “progressing well” and that the AFP will talk about it in the coming week.
After threatening to release all data if Optus did not pay a $1 million ($1.5 million) ransom within seven days, the hacker suddenly withdrew mid-week, saying there were “too many eyes” on it. addressed them and even apologized that they did.
Before doing so, however, they released the data of 10,200 people to prove that the threat was real.