The federal opposition states that the cyber attack on Optus, which has compromised millions of customers’ private information, is a dramatic wake-up call for the government on its data security laws. 

Optus has confirmed that its customers’ names, dates of birth, phone numbers, email addresses, driver’s licence numbers, passport numbers or addresses could have been accessed in the attack. However, payment details and account passwords have not been compromised. 

The telecommunications company said it was working with the Australian Cyber Security Centre to limit the risk to both current and former customers. Australian Federal Police, the Office of the Australian Information Regulator and other key regulators have also been notified. 

While the government has initiated a review into data security laws in connection to social media platforms like TikTok, opposition communications spokeswoman Sarah Henderson said it won’t be completed until next year. 

“This is all too little, too late,” she said. 

“Rather than kick the can down the road, Labor must urgently consider all regulatory options and act immediately to improve the privacy and safety of Australians online.” 

Related: ACCC warns Optus breach exposes users to fraud

Optus chief executive Kelly Bayer Rosmarin said in a statement that as soon as the telco learned of the attack it took action to block it and began an investigation. 

“While not everyone may be affected and our investigation is not yet complete, we want all of our customers to be aware of what has happened as soon as possible so that they can increase their vigilance,” she said. 

“We are very sorry and understand customers will be concerned. Please be assured that we are working hard … to help safeguard our customers as much as possible.” 

Scamwatch has advised Optus customers to secure their personal information by changing online account passwords and enabling multi-factor authentication for banking.  

Affected customers should also place limits on bank accounts, monitor for any unusual activity and request a ban on credit reports if any fraud is suspected. 

Senator Henderson said the opposition had for months been calling on the Albanese government to deliver tougher online privacy and data protection laws. 

In July, it called on Labor to adopt the coalition’s Online Privacy Bill and earlier this month, she and other opposition MPs had criticised the government for failing to strengthen laws. 

The Office of the Australian Information Commissioner said it would engage with Optus to ensure compliance with the requirements of the Notifiable Data Breaches scheme. 

Under the framework, organisations covered by the Privacy Act must notify affected individuals as quickly as possible if they experience a data breach likely to result in serious harm. 

With AAP

Eliza Sayon

Website | + posts

Eliza is a content producer and editor at Public Spectrum. She is an experienced writer on topics related to the government and to the public, as well as stories that uplift and improve the community.

• Developing an effective data ecosystem
• The journey of building an ecosystem through data
• NZ government strengthens data privacy laws against third parties
• eSafety Commissioner issues legal notice against Twitter