“One way they can do this is by providing free credit monitoring to impacted customers. This will help protect those customers against identity theft and I call on Optus to make that commitment today.”
Free credit monitoring would help Optus customers suffering “intense anxiety” after the hack, she said.
Saying the policy issues raised by the hack were “legally and technically complex”, O’Neil said: “A very substantial reform task will emerge from a breach of [this] scale and size, and there are a number of policy issues that I think the public will soon become quite aware of.
“One significant question is whether the cybersecurity requirements we place on large telecommunications providers in this country are fit for purpose.
“I also note that in other jurisdictions, a data breach of this size will result in fines amounting to hundreds of millions of dollars.”
Opposition home affairs spokesperson Karen Andrews accused O’Neil of being “asleep at the wheel” after the hack and failing to adequately inform Australians how the government would respond.
Prime Minister Anthony Albanese described the hack as a “huge wake-up call for the corporate sector” on the need to secure customers’ personal data.
He said the government was looking to change privacy rules so banks could be quickly notified when data breaches have occurred.
Law firm Slater and Gordon announced it was investigating a possible class action against Optus on behalf of current and former customers affected by the hack.
Loading
“We consider that the consequences could be particularly serious for vulnerable members of society, such as domestic violence survivors, victims of stalking and other threatening behaviour, and people who are seeking or have previously sought asylum in Australia,” the firm’s class actions senior associate, Ben Zocco, said.
“Given the type of information that has been reportedly disclosed, these people can’t simply heed Optus’ advice to be on the lookout for scam emails and text messages.”
Investigating a class action is not the same as filing a legal claim and is commonly used by class action firms to attract the plaintiffs they need to run a case. Slater and Gordon said it had previously run mass claims over privacy breaches, including representing thousands of asylum seekers whose data was leaked in 2014.