Data breach brings call to review Australia’s data retention laws

Share

Telstra has called for a review of Australia’s data retention laws following a year’s-worth information leak of its employees’ data as well as phone scams reaching a new high. 

The telecommunications company recently experienced a cyber breach where up to 30,000 former and current workers have had their names and email addresses uploaded to a forum on the dark web. Later on, it was found that a third party was also affected by the data breach.

Aside from this, Telstra has also noticed unprecedented levels of malicious activity against their customers lately, blocking a significant amount of rogue calls and messages.  

The significant growth in malicious activity has led Telstra Chief Executive Officer Vicki Brady to state that clients were asking about the details of their personal data. CEO Brady said the Optus attack puts cyber threat and data retention laws into “stark focus.”

“The time is right for a discussion on the laws around keeping data,” CEO Brady said during the company’s annual meeting.  

“It’s a fine balance between identifying our customers, protecting them against fraud, maintaining their privacy, and helping law enforcement combat crime.” 

Telstra’s main rival Optus, which is owned by Singapore Telecommunications Ltd., revealed last month a vast hack of the records of almost 10 million current and former customers.

Optus is currently facing complaints that it failed to protect personal information and is being questioned as to why it did not destroy data it no longer needed. 

Singapore Telecommunications recently disclosed that a second Australian business it owns, technology consultancy Dialog, had also suffered a recent cyber attack. The cyber attack is said to have potentially exposed client and customer data.  

While Dialog has provided services to Telstra, it’s not clear whether the attack on Dialog was the one that exposed data on Telstra staff. 

Telstra Chairman John Mullen also called on businesses and government to work together to combat cyber attacks. 

“It is easy to be critical when it isn’t you in the firing line, and we should all avoid hubris because no one can be complacent and no organization can ever be 100% sure that it is completely protected and safe,” he said.  

“The threat and sophistication of the attackers grow every day, and business needs to put aside competitive rivalry and work constructively across industries, with government, and with the community, to protect Australia from this modern scourge.”

Source: Bloomberg. Content has been edited for style and length.