House debates

Monday, 26 September 2022

Questions without Notice

Cybersecurity

2:12 pm

Photo of Fiona PhillipsFiona Phillips (Gilmore, Australian Labor Party) Share this | | Hansard source

My question is to the Minister for Home Affairs and for Cyber Security. What action is the Australian government taking as a result of the Optus data breach?

Photo of Clare O'NeilClare O'Neil (Hotham, Australian Labor Party, Minister for Home Affairs) Share this | | Hansard source

I thank the member for Gilmore for this very important question. On Wednesday 21 September the Australian government was advised by Optus of a significant cybersecurity breach. Optus have advised that this breach has revealed some personal data of 9.8 million Australians. Of those, 2.8 million Australians have had significant amounts of their personal data taken. Responsibility for this security breach rests with Optus, and I note that the breach is of a nature that we should not expect to see in a large telecommunications provider in this country. Very substantial support has been provided by the Australian government, and I credit the work of the Australian Signals Directorate, the Australian Cyber Security Centre and the Australian Federal Police in that support.

For the Australian government more broadly, our focus now is on doing whatever we can to help protect Australians who are affected by this breach. This is a very large, multi-agency effort which has seen many hundreds of public servants work through recent public holidays, through the night and straight through the weekend, and the Albanese government thanks them for their efforts. The Australian government, the ACCC and APRA are engaging with the banking sector to see what additional steps can be taken to protect customers. This is complex. It's legally and technically complex, but we are working on a solution. We will also be providing additional protections on government platforms such as myGov.

We expect Optus to continue to do everything that they can to support their customers and former customers. One way that they can do this is by providing free credit-monitoring to impacted customers. It will help protect those customers against identity theft, and I call on Optus to make that commitment today. Put yourselves in the shoes of the customer—you might be one of the member for Gilmore's constituents living in Bateman's Bay or Nowra, you might be a pensioner whose information has been stolen. This is a time of intense anxiety, and I say to Optus: you can do something about this problem today, and we ask you to do that.

    A very substantial reform task is going to emerge from a breach of this scale and size, and there are a number of policy issues that I think that the public will soon become quite aware of. One significant question is whether the cybersecurity requirements that we place on large telecommunications providers in this country are fit for purpose. I also note that in other jurisdictions a data breach of this size would result in fines amounting to hundreds of millions of dollars. I really hope that this reform task is something that we can work on collaboratively across the parliament. I will speak in coming days about how we will work through those issues in conjunction with other members of parliament.