It's a pretty sad fact, but it's a fact nonetheless that data breaches are fairly commonplace these days. Mobile carriers, which hold plenty of personal, identifiable information, are common targets and T-Mobile has been the one to be hit time after time. Affected customers are usually told to change their passwords and sign up for credit monitoring. But it seems like Australia is making more of a deal about a recent hack attack on telecom operator Optus.
Optus first reported the data breach on September 22, but the size of the impact would only be revealed in the following days: 9.8 million customers, current and former, are estimated to be affected by the possible exposure of names, birth dates, phone numbers, driver's license numbers, Medicare numbers, and even information from job finding service Centrelink. The company says it's been working to notify customers who were affected by the theft of specific points of data, getting in touch with territory, state, and federal government agencies, and offering credit monitoring to customers through Equifax.
On Friday, the Australian Federal Police initiated a comprehensive joint operation with state and territory police to protect more than 10,000 customers who have had more than 100 points of data exposed. A BreachForums user who purported to have the dataset made, then withdrew an offer to sell it (via ABC). Operation Guardian involves expansive surveillance on forums and other nodes across the internet and dark web for any instances of hacked data and a focused crime prevention effort.
But the federal government isn't pleased with the amount of action Optus has taken. The ABC reports that the federal agency Services Australia had made a request to Optus on September 27 for the full list of customers who were had their Medicare and Centrelink information revealed. Optus has yet to respond.
"It's been 11 days since the breach," Bill Shorten, Minister for Government Services, said. "It is peculiar that we still can't identify who for example used their Medicare information — their number — to be able to get identification."
The Labour government is also looking to strengthen laws over the commercial handling of data. Cyber Security Minister Clara O'Neil said laws on the book set in place by the previous Liberal-Nationals government aren't enough to manage emergencies such as this one.