NewsBite

Optus should not sack any executives ‘until crisis resolved’, Assistant Treasurer says

The Assistant Treasurer has weighed in on the Optus data breach, as the government moves “straight away” on privacy reforms.

Assistant Treasurer warns of 'long tail of risks' after Optus data leak

Optus should not sack any executives or senior management until the data breach crisis has been resolved, Assistant Treasurer Stephen Jones said on Thursday.

Mr Jones said nothing would be gained from the besieged telecommunications company making senior personnel changes as the situation unfolds. The comments came hours after Optus revealed that nearly 37,000 Medicare details were compromised in the breach, including almost 15,000 active numbers.

“What matters right now is that there is stability and certainty in Optus’ management structure, that the people who created the mess clean it up,” he told Sky News.

“I think there will be plenty of time down the track for the Optus board and Optus senior management to reflect on their actions, but what matters right now is that we are dealing with the crisis and I think continuity of management and government is absolutely critical for that.”

On Thursday Mr Jones met with Australia’s consumer watchdog, banks and consumer groups to discuss the breach. Around 10 million Australians were caught up in the hack, with personal details ranging from their full name and address to their passport, driver's licence and Medicare numbers stolen.

Affected customers who replace their passport or driver's licence will not need to update their electoral enrolment, the Australian Electoral Commission said.

“We know that electoral enrolment won’t be front of mind for somebody affected by a data breach, and for the vast majority of voters it won’t have to be at all,” commissioner Tom Rogers said in a statement.

“The AEC regularly receives licence and passport information from our partners in federal, state and territory governments, which means a change to your licence or passport number will not affect your enrolment.”

Optus also confirmed that it would work with former customers to “find a way to credit” them for any costs associated with having their drivers’ licences changed. Existing Optus customers have been promised replacement credit into their accounts.

Attorney-General Mark Dreyfus said that the Optus saga means the government will move “straight away” on urgent privacy reforms, including changes to the Privacy Act that would potentially force companies like Optus to notify customers more quickly in the event of a breach. Companies will also likely face increased fines in the event of a massive breach.

“Any company that has had a data breach like this is obliged, where there’s serious harm, to notify the Privacy Commissioner and notify their customers,” Mr Dreyfus said on radio Thursday morning.

“Regrettably, Optus left out of the notification initially that some Medicare numbers, in addition to passport numbers and driver’s licence numbers, were included in the data breach. That shouldn’t have happened.

“It’s really important that there be notification because it’s only if there’s notification that you can start to take the appropriate steps to guard against the consequences of a data breach like this.

“Again, one of the things we’ll be looking at is whether or not the Privacy Act provisions that include that data breach notification requirement need to be toughened.”

The ‘hacker’, known as Optusdata, has claimed to have deleted the data, after earlier demanding a $1.5m cyber ransom from Optus and releasing the details of about 10,000 customers.

Queues in Adelaide for new drivers licences after the Optus breach. Picture: Naomi Jellicoe/NCA NewsWire

Leading cyber security firm CyberCX issued a new threat advisory on Thursday in the wake of the breach, advising businesses to conduct a personal information audit, stress test incident response plans, understand their exposure to the internet, review their cyber risk profile, embed threat monitoring and invest in cyber hygiene training and education.

“Organisations must be vigilant in the wake of the Optus breach,” the company said in a statement. “Those who action these six steps in the coming weeks and months will be working from a stronger, more secure foundation as the cyber threat environment continues to deteriorate.”

CBA chief executive Matt Comyn weighed in on the breach on Thursday, saying the bank has experienced an uptick in customer enquiries by as much as 1000 per cent on usual levels.

“It’s a very high priority for us as of course it is for Optus, the broader industry and government to work closely and thoughtfully with urgency to make sure customers are as well protected as possible,” Mr Comyn said.

“I think it’s incumbent across financial institutions, across industry … and I know there’s a lot of support from government to work out how most effectively we can counter this risk to the Australian economy.”

As the federal government prepares urgent changes to cybersecurity laws and a second class action law firm considers suing Optus on behalf of its customers, Optus parent company Singtel said late on Wednesday it remained “firmly committed” to Australia and its Australian customers.

In its first statement since the massive data breach impacting almost 10 million Optus customers, Singtel said it was “deeply sorry to everyone affected” and was working with its subsidiary “to address what is a complex issue”.

“We have extended our fullest support to Kelly and the Optus management team as they work to minimise inconvenience and risk to customers,” a spokeswoman told The Australian, adding data security was a “top priority” for the company, and it was investing significant resources to strengthen cyber defences.

And days after Slater and Gordon announced a potential suit on behalf of Optus customers, fellow class action firm Maurice Blackburn said it was examining a compensation claim. “It is very disappointing that Optus still seems unable to put in place effective safeguards to protect its customers’ information, so we are investigating a potential claim against them,” principal lawyer Vavaa Mawuli said.

Tens of thousands of Optus customers have registered with Slater and Gordon to join its potential case against the telco.

Additional reporting: Joyce Moullakis, Edward Boyd


Original URL: https://www.theaustralian.com.au/business/technology/nearly-37000-medicare-numbers-caught-in-optus-breach/news-story/4eab7de5f8c71b9f68b5eba3736e9b1a