A customer waits for service at a Optus phone store in Sydney, Australia on Oct 7, 2021. (MARK BAKER / AP)
CANBERRA – The Australian government has flagged new cyber security measures in response to a major hack of one of the nation's top telecommunications providers.
"We should not have a telecommunications provider in this country which has effectively left the window open for data of this nature to be stolen,"
Home Affairs Minister
On Thursday, Optus, Australia's second-largest mobile network operator, announced a cyber attack has exposed the data of up to 10 million current and former customers, with 2.8 million people significantly affected.
Addressing the breach, Home Affairs Minister Clare O'Neil refuted Optus' claim that the attack was a sophisticated operation, describing it as "basic."
"We should not have a telecommunications provider in this country which has effectively left the window open for data of this nature to be stolen," she told Australian Broadcasting Corporation television in an explosive interview.
On Monday night the hacker released records of 10,000 customers and threatened to continue doing so until Optus pays a ransom.
O'Neil on Monday flagged "very substantial" reforms to prevent further attacks and increase the penalties for companies with poor security.
According to a Guardian report, under the current Privacy Act fines are capped at 2.2 million Australian dollars ($1.4 million), a figure O'Neil said was "totally inappropriate", noting that in other jurisdictions such a breach would "result in fines amounting to hundreds of millions of dollars."
"Responsibility for the security breach rests with Optus and I want to note that the breach is of a nature that we should not expect to see in a large telecommunications provider in this country," she said in the parliament.
"I really hope this reform task is something we can work on collaboratively across the parliament."