New measures to prevent ID fraud after Optus data breach
New regulations have been unveiled to allow Optus to share its customers’ data with financial institutions and government agencies to help prevent fraud.
Optus has been given the green light to share its customers’ information with financial institutions and government agencies to help prevent fraud under new regulations following its massive data breach.
Under the changes, telcos will be able to temporarily share with financial institutions approved information about customers affected by data breaches, including their drivers’ licence and passport numbers, and Medicare card details.
Banks and other financial institutions will be able to use the information to monitor customers’ accounts for unlawful withdrawals and to detect fraudulent attempts to seek credit.
State and territory authorities will also be granted access to the information to help them prevent identity-related fraud.
The government has been working on the new regulations since it learned more than a fortnight ago that the personal details of almost 10 million Optus customers were compromised in one of the nation’s biggest ever data breaches.
Communications Minister Michelle Rowland said the amended telecommunications regulations would help prevent ID theft and scams targeting Optus customers.
“What this is all about is to try and reduce the impact of this data breach on Optus customers and to enable financial institutions to implement enhanced safeguards and monitoring,” Ms Rowland said.
She said they would be the first of a series of rapid changes to be introduced by the government in response to the breach.
The government is preparing new cybersecurity laws that would impose hefty fines on businesses that fail to properly secure customer data, and will push ahead with a national digital identity system that would allow businesses to do away with 100-point ID checks.
Attorney-General Mark Dreyfus has also flagged privacy law changes to prevent companies holding customers’ information for longer than necessary.
Under the amended regulations, the Optus data will only be available to domestic financial institutions regulated by the Australian Prudential Regulation Authority, and the information must only be used to prevent fraud, scams or identity theft.
The changes will be reviewed after 12 months.
The Council of Financial Regulators’ cybersecurity working group will also recommend options for a secure data-sharing platform to help identify at-risk customers.
Ms Rowland said the new regulations had been carefully designed with strong privacy and security safeguards to ensure only limited information could be made available for particular purposes.
“This will enable Optus, the financial services sector and relevant agencies to work together more effectively, to implement enhanced monitoring and safeguards to protect customers affected by the breach,” she said.
Treasurer Jim Chalmers said the government had been “working in lock-step with banks and financial regulators” to ensure the secure sharing of data between Optus and financial institutions to improve consumer protection.
“Financial institutions can play an important role in targeting their efforts towards protecting customers at greatest risk of fraudulent activity and scams in the wake of the recent Optus breach,” he said.
“These new measures will assist in protecting customers from scams, and in system-wide fraud detection.”
The government has been scathing in its criticism of Optus over the data breach, with Home Affairs Minister Clare O’Neil declaring the company “left the window open” for its customers’ information to be stolen.
Government Services Minister Bill Shorten also went on the attack, saying Optus executives were “kidding themselves” if they thought customers were happy with the way they had communicated with them following the data breach.
The Australian Federal Police has launched two investigations into the Optus breach. Operation Hurricane is attempting to identify those behind the breach, with support from the US FBI.
Operation Guardian is examining potential fraudulent use of the records of 10,000 Optus customers who had their information leaked on the dark web.