Two Australian regulators said on Tuesday they have launched investigations into Optus, the country''s number 2 telecoms provider, after a breach of its systems resulted in the theft of personal information from up to 10 million accounts.
The investigations have added to the mood for Optus, who disclosed the breach on September22 and has since received huge criticism from the government and the public for failing to prevent the massive cyberattack.
The Office of the Australian Information Commissioner (OAIC) said it is investigating whether the Singapore Telecommunications-owned company made reasonable precautions to protect customer data and comply with privacy regulations.
The Australian Communications and Media Authority (ACMA) said it is looking into whether Optus fulfilled its industry obligations as a telecoms provider in terms of keeping and disposing of personal data.
As a result of the rising threats, the federal government has stated that it would modify data security laws to allow firms who had incurred a cyberattack to notify banks about the possibility of such disruption. Several law firms are also considering filing class action lawsuits.
If the OAIC finds that "interference with one or more persons has occurred," it may force Optus to take steps to ensure the breach cannot be repeated.
- Telstra Employee Data Exposed in Breach, Weeks After Optus Cyberattack
According to the authorities, if it finds there was a breach of Australian privacy law, it may seek civil penalties of up to 2.2 million people (roughly Rs. 11.35 crore) per violation.
Nerida O''Loughlin, the Chair of ACMA, said in a statement that failure by telecom operators to protect customer information "has significant implications for everyone involved."
Gina Cass-Gottlieb, the chairman of the Australian Competition and Consumer Commission, informed a parliamentary hearing that the regulator was receiving 600 calls a day from people concerned about the Optus breach, although few were scammed as a result.
Optus said in a statement that it had received formal investigation notices from both regulators and that it would complete dialogue with them.
2022 Thomson Reuters