Two Australian regulators said on Tuesday they have opened discussions into Optus, the country''s number 2 telecom provider, following a breach of its systems. Personal data was stolen from up to 10 million accounts.
Optus, who disclosed the breach on September22, has only suffered extensive damage from the government and the public for failing to prevent the massive cyberattack.
The Office of the Australian Information Commissioner (OAIC) said it is investigating whether the Singapore Telecommunications company was using reasonable measures to protect customer data and comply with privacy restrictions.
The Australian Communications and Media Authority (ACMA) has stated that it is investigating whether Optus met its industry obligations as a telecoms provider in terms of keeping and disposing of personal data.
In the midst of the rising drought, the federal government has announced that it will modify data security laws in order to entitle banks to notify them about possible breaches. Several law firms are also considering filing class action lawsuits.
In a statement, the OAIC said in a statement that if it finds that "interference with one or more persons has occurred," it may force Optus to take steps to ensure the breach cannot be repeated.
- Telstra Employee Data Exposed in Breach, Weeks After Optus Cyberattack
The agency said that, if it finds there was a violation of Australian privacy law, it may seek civil penalties of up to 2.2 million people per violation.
Nerida O''Loughlin, the chairman of ACMA, said in a statement that failure by telecom providers to safeguard customer information "has significant implications for everyone involved."
Gina Cass-Gottlieb, the chairman of Australia''s Competition and Consumer Commission, informed a parliamentary hearing that the regulator received 600 calls a day from people concerned about the Optus breach, although few had been scammed as a result.
Optus said in a statement that it had received formal investigation requests from both regulators and that it would engage with them in whole compliance.
2022 Thomson Reuters