We’re all well aware by now that Optus has dropped the ball on customer data protection with a massive lapse in security that allowed hackers to easily access the personal information of millions of its customers.
The hack, which occurred on September 22, has had enormous ramifications for the millions of people affected. The cyber pirates who perpetrated the attack released 10,000 customer records on Tuesday, claiming they would release 10,000 more each day unless Optus pay a US$1 million ransom. They then backtracked, deleted the data, and apologised, but not before users began to be flooded with scam calls and texts.
Although Optus claimed the breach occurred because of a “sophisticated attack,” cyber security experts have since said that the “vulnerability” in their system was “so trivial it’s entirely possible it was exploited by other parties as well.”
Currently, both the Australian Federal Police and the FBI are investigating the people responsible for the hack, which is definitely not what you want if you’re a hacker.
The ease with which these hackers were able to gain access to millions of people’s personal information, including drivers’ licences, passport details, and medicare numbers, has sparked a wider conversation around how well secured many of these large companies keep our data.
Prime Minister Anthony Albanese has said that the hack demands a national response to the way companies manage people’s personal info.
“Clearly, we need better national laws, after a decade of inaction, to manage the immense amount of data collected by companies about Australians – and clear consequences for when they do not manage it well,” he said.
Which is all well and good, but if you’ve been compromised, what exactly is the government or Optus going to do about it now? Here’s all the major action that has been taken since the breach.
States to Pay for New Drivers Licences
Almost all states and territories have moved to make licence replacements free for those who have been caught up in the breach.
The New South Wales Minister for Customer Service has advised that those applying for a new licence will have to pay the $29 replacement fee upfront but that “reimbursement advice will be issued to Optus customers in the coming days.”
Queensland’s Minister for Transport has said that a free replacement licence can be obtained at a Main Roads customer service centre with proof of an Optus data breach notice.
In South Australia, anyone in need of a new licence can bring documentation from Optus to a Service SA centre and get a replacement free of charge.
Western Australia and Tasmania have both confirmed that fees for licence replacements will be charged to Optus, but have yet to clarify how this will happen. Victoria’s Transport Department has said similarly that Optus will pay for licence replacements but are also light on details.
The ACT and the Northern Territory have yet to clarify if or how new licences can be accessed.
Optus to Pay for New Passports
The federal government has demanded that Optus pay for new passports for those who have been affected by the data breach. Foreign Minister Penny Wong has written to the company saying that there is “no justification” for victims or taxpayers to cover the costs.
“I seek your earliest confirmation that Optus will cover the passport application fees of any customer affected by this breach whose passport information was disclosed and who choose to replace their currently valid passport,” Wong wrote.
Albanese told Parliament on Wednesday that the “government expects Optus to do everything within its means to support affected customers.”
“We believe that Optus should pay, not taxpayers,” he said.
There are no details yet on how or when Optus will be expected to cover the bill for replacement passports.
The Treasury Is Working With Banks to Prevent Fraud
With nearly 10 million Aussies now at heightened risk of financial crime due to the breach, the Albanese government is working to streamline the bank’s approach to prevent fraud.
They’re set to approve a the moves of a “little known” independent agency, the Australian Financial Crime Exchange (AFCX), to transfer customer data between Optus and major banks.
AFCX members cover 80% of Australia’s banks and can use its current set-up to pass on customer data safely so that banks can be on the lookout for suspicious transactions.
Treasurer Jim Chalmers has said that data would be shared with “appropriate safeguards to allow those institutions to undertake enhanced monitoring for the purposes of best protecting their consumers from any bad behaviour following this data breach”.
The government is expecting that Optus will cover the costs of the transfer and the enhanced screening for customers who have been affected.
Customers Gear Up to Sue Optus
While state and federal governments rush to try and mop up the mess, legal moves are already being made in the form of class action lawsuits undertaken by affected Optus customers.
Two legal firms have announced that they are mounting claims on behalf of those affected. One victim has said that he believes the current financial penalties for cybersecurity breaches, set at $2.2 million, are too low.
“The fine should be $1 million per customer, that would make Optus take it pretty seriously. Instead, class actions might be the only chance of it costing them,” they told the AFR.
Related: Optus Is Being Held to Ransom — How Safe Is Your Data and What Can You Do About It?
Related: The Headlines: Optus Has Been Cyber Attacked and Here Are the Vital Facts
Read more stories from The Latch and subscribe to our email newsletter.