The Australian government is creating stricter requirements for cyber incident disclosure after experiencing one of the largest data breaches in the country’s history.
Prime Minister of Australia, Anthony Albanese, intends to change privacy legislation regarding breaches. Any company suffering a data breach will soon be required to share details with banks regarding customers who may have been affected. Current policy states that companies are not allowed to give out customer details to third parties.
Last week, telecom company Optus was breached and up to 9.8 million customers were potentially affected. That accounts for around 40% of the Australian population. The data leaked included dates of birth, addresses, names and contact information.
An individual claiming to be the hacker offered a listing price of $150,000 for the stolen data, as well as an extortion price of $1 million. Approximately 10,000 files were also distributed by the alleged criminal as “free samples.” Many current Optus customers are unhappy with how the breach has been handled, due to the lack of proper notification to affected users.
While the government’s policy changes are a step in the right direction, it’s imperative that companies do their due care and due diligence when dealing with data security and privacy.