MELBOURNE — The Australian government on Sunday leveled its harshest criticism yet against Optus, the second-biggest telecoms company, for a cybersecurity breach that affected the equivalent of 40% of the country’s population.
The government blamed Optus, owned by Singapore Telecommunications, for the breach, which affected 10 million accounts, urging the company to speed up its notification to 10,200 customers whose personal information was released in one of the country’s biggest cybersecurity breaches.
“We should not be in the position that we’re in, but Optus has put us here,” Home Affairs Minister Clare O’Neil told a televised news conference from Melbourne. “It’s really important now that Australians take as many precautions as they can to protect themselves against financial crime.”
Optus said on Sunday it was working closely with federal and state government agencies to determine which customers need to take any action but was still seeking further advice on the status of customers whose details had expired.
“We continue to work constructively with governments and their various authorities to reduce the impact on our customers,” an Optus spokesperson said in emailed comments.
The spokesperson did not respond to a question on whether Optus had identified how the breach occurred.
The company ran a full-page apology in major Australian newspapers on Saturday for the “devastating” breach that it first reported on Sept. 22. An unidentified person later posted online that they had released personal details of 10,000 Optus customers and would keep doing so daily until they receive $1 million.
Australian police’s operation to find the person or people behind the breach at Optus is “progressing well,” O’Neil said, adding that police would provide an update this week.
However she said Optus needed to step up its efforts to call, not just email, people whose identification data was released online to let them know they are at risk.
Saying now was “a time for real vigilance for Australians,” O’Neil urged those who had been notified to cancel their passports or other identification cards and get fresh identification documents as soon as possible.
Five days after being requested, Optus had not handed over information to the government about customers who had provided their Medicare health care cards or other social services information for identification purposes for Optus accounts, said Government Services Minister Bill Shorten.
“We call upon Optus to understand that this breach has introduced systemic problems for 10 million Australians in terms of their personal identification,” he told reporters at the joint media conference.
“We know that Optus is trying to do what it can, but having said that, it’s not enough,” Shorten said. “It’s now a matter of protecting Australians’ privacy from criminals.”
O’Neil said Australia needs to reform its cybersecurity laws to give the government stronger powers to respond to cyber security emergency incidents. (Reporting by Sonali Paul; Editing by William Mallard)