The government of Australia wants to make it harder to reveal cyber attacks after one of the biggest data breeches in Australian history.
On Monday, Prime Minister Anthony Albanese told Australian radio station 4BC that the government intended to change privacy legislation so that companies that suffer a data breach are required to share information with banks about customers who may have been involved in fraud. Privacy legislation in Australia prevents companies from sharing customer information with third parties.
The policy announcement was made in the wake of a huge data breach. A huge amount of potentially sensitive information was accessed by hackers on up to 9.8 million Optus customers. Some of the leaked data included driver's license or passport ID numbers.
The report from ABC News Australia suggested that the violation may have been caused by an improperly secured application programming interface.
In conversations with Jeremy Kirk, a person claimed to be the hacker of the data breach. Kirk was given details of how the data was downloaded by the presumed hacker and how he recorded each user's information one by one.
A post in a popular hacking forum claimed to offer the user data for sale for $150,000 and listed an extortion price of $1 million to keep the data private. A number of free sample files were released by the hacker, which they said contained the full address information of 10,000 people.
Many Optus customers have taken to social media to express their displeasure with how the hack was being handled, particularly in regards to notifying affected users that their data was at risk.
Patrick Keneally, a news editor for Guardian Australia, was one of the people whose data was lost in the cyber attack.