Latest news with #CarlyKind
7NEWS
3 days ago
- Business
- 7NEWS
Privacy commissioner AOIC sues telco Optus over data breach of 9.5 million customers in Australian
Optus seriously interfered with the privacy of about 9.5 million Australians in failing to protect their data, and could face hefty fines for each breach in new court action. The Office of the Australian Information Commissioner (OAIC) has filed Federal Court proceedings against the telco for the September 2022 cyber attack, which resulted customers' private data - including home addresses, birth dates, phone numbers and email addresses - finding its way to the dark web. Optus failed to take reasonable steps to protect users' data, breaching the telco's obligations under the Privacy Act, chief commissioner Elizabeth Tydd said. 'Organisations hold personal information within legal requirements and based upon trust,' she said. 'The Australian community should have confidence that organisations will act accordingly, and if they don't the OAIC as regulator will act to secure those rights.' The action comes after the organisation's investigation following the attack. Optus said it would review and consider the matters raised in the proceedings and would respond to the OAIC's claims in due course. 'Optus apologises again to our customers and the broader community that the 2022 cyber-attack occurred,' a spokesman said in a statement. 'We strive every day to protect our customers' information and have been working hard to minimise any impact the cyber attack may have had.' The Federal Court can impose a civil penalty of up to $2.22 million for each contravention of the Act, and the OAIC is alleging one breach for each of the approximately 9.5 million individuals impacted. Imposing the maximum penalty for all victims would be impossible, since Optus' Singapore-listed owner Singtel has a total market value of about $101.5 billion. The breach highlighted some of the risks associated with external-facing websites, particularly when they interacted with internal databases holding personal information, Australian Privacy Commissioner Carly Kind said. 'All organisations holding personal information need to ensure they have strong data governance and security practices,' she said. 'These need to be both thorough and embedded, to guard against vulnerabilities that threat actors will be ready to exploit.'
7NEWS
3 days ago
- Business
- 7NEWS
Privacy commissioner sues Optus over data breach
Optus seriously interfered with the privacy of about 9.5 million Australians in failing to protect their data, and could face hefty fines for each breach in new court action. The Office of the Australian Information Commissioner (OAIC) has filed Federal Court proceedings against the telco for the September 2022 cyber attack, which resulted customers' private data - including home addresses, birth dates, phone numbers and email addresses - finding its way to the dark web. Optus failed to take reasonable steps to protect users' data, breaching the telco's obligations under the Privacy Act, chief commissioner Elizabeth Tydd said. 'Organisations hold personal information within legal requirements and based upon trust,' she said. 'The Australian community should have confidence that organisations will act accordingly, and if they don't the OAIC as regulator will act to secure those rights.' The action comes after the organisation's investigation following the attack. Optus said it would review and consider the matters raised in the proceedings and would respond to the OAIC's claims in due course. 'Optus apologises again to our customers and the broader community that the 2022 cyber-attack occurred,' a spokesman said in a statement. 'We strive every day to protect our customers' information and have been working hard to minimise any impact the cyber attack may have had.' The Federal Court can impose a civil penalty of up to $2.22 million for each contravention of the Act, and the OAIC is alleging one breach for each of the approximately 9.5 million individuals impacted. Imposing the maximum penalty for all victims would be impossible, since Optus' Singapore-listed owner Singtel has a total market value of about $101.5 billion. The breach highlighted some of the risks associated with external-facing websites, particularly when they interacted with internal databases holding personal information, Australian Privacy Commissioner Carly Kind said. 'All organisations holding personal information need to ensure they have strong data governance and security practices,' she said. 'These need to be both thorough and embedded, to guard against vulnerabilities that threat actors will be ready to exploit.'
Perth Now
3 days ago
- Business
- Perth Now
Privacy commissioner sues Optus over data breach
Optus seriously interfered with the privacy of about 9.5 million Australians in failing to protect their data, and could face hefty fines for each breach in new court action. The Office of the Australian Information Commissioner (OAIC) has filed Federal Court proceedings against the telco for the September 2022 cyber attack, which resulted customers' private data - including home addresses, birth dates, phone numbers and email addresses - finding its way to the dark web. Optus failed to take reasonable steps to protect users' data, breaching the telco's obligations under the Privacy Act, chief commissioner Elizabeth Tydd said. "Organisations hold personal information within legal requirements and based upon trust," she said. "The Australian community should have confidence that organisations will act accordingly, and if they don't the OAIC as regulator will act to secure those rights." The action comes after the organisation's investigation following the attack. Optus said it would review and consider the matters raised in the proceedings and would respond to the OAIC's claims in due course. "Optus apologises again to our customers and the broader community that the 2022 cyber-attack occurred," a spokesman said in a statement. "We strive every day to protect our customers' information and have been working hard to minimise any impact the cyber attack may have had." The Federal Court can impose a civil penalty of up to $2.22 million for each contravention of the Act, and the OAIC is alleging one breach for each of the approximately 9.5 million individuals impacted. Imposing the maximum penalty for all victims would be impossible, since Optus' Singapore-listed owner Singtel has a total market value of about $101.5 billion. The breach highlighted some of the risks associated with external-facing websites, particularly when they interacted with internal databases holding personal information, Australian Privacy Commissioner Carly Kind said. "All organisations holding personal information need to ensure they have strong data governance and security practices," she said. "These need to be both thorough and embedded, to guard against vulnerabilities that threat actors will be ready to exploit."
Sky News AU
3 days ago
- Business
- Sky News AU
Optus sued over 2022 data breach that exposed data of 9.5m people
Optus is being sued for allegedly failing to protect the data of 9.5 million people. The Australian Information Commissioner announced on Friday it was launching the legal action. The case stems from a data breach in September 2022. The Information Commissioner will argue Optus failed to adequately manage cybersecurity and information security risk. 'Organisations hold personal information within legal requirements and based upon trust,' commissioner Elizabeth Tydd said. 'The Australian community should have confidence that organisations will act accordingly, and if they don't, the OAIC as regulator will act to secure those rights.' An Optus spokesperson said the company would 'consider the matters raised in the proceedings and will respond to the claims made by the AIC in due course'. 'Optus apologises again to our customers and the broader community that the 2022 cyber attack occurred,' the spokesperson said. 'We strive every day to protect our customers' information and have been working hard to minimise any impact the cyber attack may have had.' Optus would keep investing in security, the spokesperson said, and the cyber threat environment was evolving. 'As the matter is now before the Australian courts, Optus will not be commenting further at this time,' they said. Australian Privacy Commissioner Carly Kind said strong data governance and security needed to be embedded in organisations. 'To guard against vulnerabilities that threat actors will be ready to exploit,' Ms Kind said. The lawsuit alleges that from on, or around October 17, 2019 to September 20, 2022, Optus seriously interfered with the privacy of about 9.5 million Australians by failing to take reasonable steps to protect their personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. The case is being pursued as an alleged breach of the Privacy Act 1988. The Information Commission alleges Optus failed to adequately manage cybersecurity and information security risk in a manner commensurate with the nature and volume of personal information that Optus held, the company's size and its risk profile. In September 2022 a cybercriminal stole personal information of 9.5 million current and former Optus customers. The data included names, birthdays, phone numbers, passport numbers, email addresses, driver's licence numbers, government identifiers, Medicare numbers, birth certificate information, marriage certificate information, and military and police identification information. The Federal Court can fine a company $2.22m for each contravention of the type in this lawsuit. The Australian Information Commissioner is alleging each of the 9.5 million customers should be treated as an individual contravention. Optus is wholly owned by Singapore Telecommunications Limited (Singtel), which in turn is majority-owned by the investment arm of the Singapore government. Originally published as Optus sued over 2022 data breach that exposed data of 9.5m people
News.com.au
4 days ago
- Business
- News.com.au
Optus sued over 2022 data breach that exposed data of 9.5m people
Optus is being sued for allegedly failing to protect the data of 9.5 million people. The Australian Information Commissioner announced on Friday it was launching the legal action. The case stems from a data breach in September 2022. The Information Commissioner will argue Optus failed to adequately manage cybersecurity and information security risk. 'Organisations hold personal information within legal requirements and based upon trust,' commissioner Elizabeth Tydd said. 'The Australian community should have confidence that organisations will act accordingly, and if they don't, the OAIC as regulator will act to secure those rights.' An Optus spokesperson said the company would 'consider the matters raised in the proceedings and will respond to the claims made by the AIC in due course'. 'Optus apologises again to our customers and the broader community that the 2022 cyber attack occurred,' the spokesperson said. 'We strive every day to protect our customers' information and have been working hard to minimise any impact the cyber attack may have had.' Optus would keep investing in security, the spokesperson said, and the cyber threat environment was evolving. 'As the matter is now before the Australian courts, Optus will not be commenting further at this time,' they said. Australian Privacy Commissioner Carly Kind said strong data governance and security needed to be embedded in organisations. 'To guard against vulnerabilities that threat actors will be ready to exploit,' Ms Kind said. The lawsuit alleges that from on, or around October 17, 2019 to September 20, 2022, Optus seriously interfered with the privacy of about 9.5 million Australians by failing to take reasonable steps to protect their personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. The case is being pursued as an alleged breach of the Privacy Act 1988. The Information Commission alleges Optus failed to adequately manage cybersecurity and information security risk in a manner commensurate with the nature and volume of personal information that Optus held, the company's size and its risk profile.
