In Australia, companies did not have to tell anyone that they had been hacked and could pretend it didn't happen. This was great for the companies, particularly banks, but less fair dinkum for users.
Prime Minister Anthony Albanese told Australian radio station 4BC that the government intended to overhaul privacy legislation so that any company suffering a data breach was required to share details with banks about customers who had potentially been affected, in an effort to minimise fraud.
The policy announcement was made in the wake of a huge data breach last week, which affected Australia’s second-largest telecom company, Optus. Hackers managed to access a vast amount of potentially sensitive information on up to 9.8 million Optus customers — close to 40 percent of the Australian population. Leaked data included name, date of birth, address, contact information, and in some cases, driver’s license or passport ID numbers.
The breach may have resulted from an improperly secured API that Optus developed to comply with regulations around providing users multifactor authentication options. Data was downloaded by querying the API sequentially for each value of a unique identifier field labeled “contactid” and recording each user’s information one by one until the dataset of millions of records was assembled.
The hacker offered the data for sale for $150,000, saying that it was worth $1 million to keep the data private, to be paid in the Monero cryptocurrency. The hacker also released a number of free “sample files,” which they said contained the full address information of 10,000 Optus users.
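A defender's view of the access pattern described above, as an added example that is not part of the original article: it scans API access logs for a client walking “contactid” values one after another. The log format, endpoint path, IP addresses and thresholds are assumptions constructed for illustration; only the field name comes from the article.

```python
import re
from collections import defaultdict

# Constructed access log: "<client ip> GET <path> <status>". The endpoint path
# and addresses are hypothetical; only the "contactid" field is from the article.
SAMPLE_LOG = """\
203.0.113.7 GET /api/customer?contactid=5000001 200
198.51.100.23 GET /api/customer?contactid=7734112 200
203.0.113.7 GET /api/customer?contactid=5000002 200
203.0.113.7 GET /api/customer?contactid=5000003 200
198.51.100.23 GET /api/customer?contactid=7734112 200
203.0.113.7 GET /api/customer?contactid=5000004 200
198.51.100.40 GET /api/customer?contactid=6120455 200
203.0.113.7 GET /api/customer?contactid=5000005 200
198.51.100.40 GET /api/customer?contactid=6120901 200
203.0.113.7 GET /api/customer?contactid=5000006 200
"""

LINE_RE = re.compile(r"^(\S+) GET \S*[?&]contactid=(\d+)\S* (\d{3})$")

def parse(log_text):
    """Return {client_ip: [contactid, ...]} in request order, successful lookups only."""
    per_client = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group(3) == "200":
            per_client[m.group(1)].append(int(m.group(2)))
    return per_client

def longest_sequential_run(ids):
    """Length of the longest run in which each id is exactly the previous id + 1."""
    best = run = 1 if ids else 0
    for prev, cur in zip(ids, ids[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best

def flag_enumerators(log_text, min_run=5, min_distinct=5):
    """Flag clients that pull many distinct records in consecutive-id order."""
    flagged = {}
    for ip, ids in parse(log_text).items():
        run = longest_sequential_run(ids)
        distinct = len(set(ids))
        if run >= min_run and distinct >= min_distinct:
            flagged[ip] = {"distinct_ids": distinct, "longest_run": run}
    return flagged
```

A customer re-fetching their own record, or a client touching a couple of unrelated ids, stays below both thresholds; only the client stepping through consecutive identifiers is reported.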
Screenshot from Breached hacking forum from a person claiming to be the Optus hacker, listing data from 11.2 million user accounts for sale.
But the fact that Optus kept the hack quiet caused many Australians to come the raw prawn on social media.
Patrick Keneally, a news editor for Guardian Australia, said after the data breach came to light that Optus can email users when they are a day late in paying their bill, but not when they lose all personal info in a massive cyber hack.