Singtel Optus awarded critical cyber security contract

The state government is facing questions about why it awarded a critical cyber security contract to Optus after the telco’s own security breaches.

Shannon Deery

@s_deery

2 min read

April 27, 2023 - 12:44PM

A tenth of Optus customers leave after the data breach

Victoria

Don't miss out on the headlines from Victoria. Followed categories will be added to My News.

The state government has awarded a critical cyber security contract to Optus, just six months after the telco giant suffered its own major cyber attack.

Millions of Optus customers had personal data stolen in the September attack, including passport numbers, drivers’ licence numbers and Medicare numbers.

It prompted investigations involving the FBI, Federal Police, The Office of the Australian Information Commissioner and the Australian Communications and Media Authority.

Optus is now facing a class action over the breach, with more than 100,000 customers already signed up with law firm Slater and Gordon.

Personal data was stolen from Optus customers. Picture: Andrew Henshaw

Now the Herald Sun can reveal Optus has been awarded a $237,000 contract to conduct an audit of the Victorian Public Health Sector’s Cyber Security Controls.

Optus will then on-sell the work to Trustware, which operates under the same parent company, Singtel.

“This will instil the confidentiality, availability, and integrity of the data, identify any significant risks and noncompliance to the baseline cyber security controls,” tender documents said.

“This will also identify the problem areas across the health sector infrastructure and systems.”

The project will include an assessment of 25 health organisations across the state.

Last month the Andrews government’s controversial medical information sharing bill passed parliament.

It will allow hospitals and healthcare workers to have one online access point with the medical records of every Victorian.

The system – only accessible by clinical staff – will provide medical information regardless of where the patient previously received care.

The Victorian government tender for Cyber Security.

The contract was awarded to Trustwave, which operates under parent company Singtel.

The Law Institute of Victoria had urged the government to amend the proposed laws to allow for patients to choose whether their health records could be accessed.

They also said Victorians should be able to put in Freedom of Information requests to determine who has accessed their private details under the scheme.

Leader of the Opposition in the upper house, Georgie Crozier, said it was “puzzling that the Government should award such a critical contract to Optus given its own security breaches.”

“You have to question what due diligence the Government is doing in awarding such contracts,” she said.

Despite the government’s own contracts website showing Optus was awarded the contract, a spokesperson said that was wrong.

“Optus was not awarded this contract – Trustwave was selected following a highly competitive procurement process, with an expert panel determining they represented the best value and capability for the job,” he said.