House debates
Tuesday, 27 September 2022
Questions without Notice
Cybersecurity
2:16 pm
Mark Dreyfus (Isaacs, Australian Labor Party, Cabinet Secretary) Share this | Hansard source
I thank the member for Wills for his question. Australians expect that when they hand over their personal data every effort will be made to keep it safe from harm. We know that millions of Australians have been impacted by the Optus data breach. It is a data breach which should never have happened. It involved the release of Australian citizens' names, dates of birth, phone numbers, email addresses, residential addresses and, for some customers, passport numbers and drivers licence numbers, which are apparently for sale on the dark web. We were concerned this morning about reports that personal information from the Optus data breach apparently also includes Medicare numbers. Medicare numbers were never notified as forming part of the breach.
I can say that Optus has a clear obligation to notify affected individuals, which of course includes both past customers of Optus and present customers of Optus. Optus has a clear obligation to notify both the affected individuals and the Australian Information Commissioner when a data breach involving personal information is likely to result in serious harm. Consumers have also got a right to know exactly what individual personal information has been compromised in Optus's communications to them.
While we of course will not go into the technical assistance and cybersecurity advice that is being provided to Optus, we can reassure Australians that the whole of the Australian government is working to address the consequences of this breach. In particular, the Australian Federal Police is devoting huge effort, with a large number of officers working on this. The Australian Federal Police is working with industry, working with state and territory police forces and also working with the FBI to address the consequences of this breach.
No comments