Breaking News

Australia to change privacy laws after massive data breach

Australia to change privacy laws after massive data breach

Following one of the largest data breaches in Australian history, the Australian government is planning to tighten the requirements for disclosure of cyber attacks.

On Monday, Prime Minister Anthony Albanese told Australian radio station 4BC that the government is planning to allow any company suffering a data breach to provide information about potentially affected customers to banks in an effort to reduce fraud. Privacy intends to change the law. Required sharing of details Under current Australian privacy law, companies are prohibited from sharing such details about their customers with third parties.

The policy was announced last week in the wake of a major data breach affecting Australia's second largest telecommunications company, Optus. The hackers managed to access a vast amount of potentially sensitive information up to 9.8 million Optus customers – about 40 percent of the Australian population. The leaked data included names, dates of birth, addresses, contact information and in some cases driving license or passport ID numbers.

The ABC News Australia report suggested that the breach may have resulted from an improperly secure API that Optus developed to comply with rules to provide users with multi-factor authentication options.

A man claiming to be an Optus hacker confirmed this account of the data breach in a conversation with security journalist Jeremy Kirk. As described by Kirk supposedly Hacker, the data was then downloaded by sequentially querying the API for each value of a unique identifier field labeled "contactid" and recording each user's information one by one. it was done. Until a dataset of millions of records was assembled.

A post by the same person in a popular hacking forum claimed that user data was offered for sale for $150,000 and listed an extortionate price of $1 million to keep the data private, which was paid Made by Monero. Cryptocurrency will be done. The hackers also released several free "sample files," which they said contained the complete address information of 10,000 Optus users.

As the situation unfolded, many Optus customers took to social media to express their dismay at how the hack was being handled, particularly with regard to notifying affected users that their data was at risk.

Patrick Keneally, a news editor for Guardian Australia, tweeted after the data breach, "Surprisingly, Optus can email me a day's delay in paying my bill, but not when they get all my money in one go." Got into a big cyber hack." Losing Personal Information." Byrne.

No comments