Following a major data breach at Optus, the country’s second-largest mobile operator, Australia on Thursday proposed updating consumer privacy legislation to help allow targeted data sharing between telcos and banks.
A cyberattack against Optus, owned by Singapore Telecommunication Ltd (Singtel), last month was one of Australia’s largest data breaches, which compromised data from up to 10 million subscribers, including home addresses, driver’s license numbers and passport numbers.
Telecommunications companies will be allowed to exchange government-issued identification documents with banks to improve monitoring of customers affected by data breaches as a result of the amendments.
“They have been carefully designed with strict privacy and security measures in place to ensure that only limited information can be temporarily available to prevent and respond to cybersecurity issues, scams, scams and related activities,” Treasurer Jim Chalmers said during a press release. -conferences. .
The proposed improvements will also enable better detection of fraud in the broader financial services sector by leveraging existing industry methods for reporting illegal transactions, such as fraud reporting.
Due to data security concerns, Chalmers said the government would not disclose the names of financial institutions that receive data from Optus.
When information is no longer needed, banks must destroy it, the treasurer said, and it can only be used to prevent or respond to cybersecurity issues, fraud, scams, or identity theft.
Australia’s telecommunications, banking and government sectors were on high alert in the wake of the Optus cyberattack, and privacy legislation was recommended to be amended to help institutions take swift action to avoid fraudulent transactions.
The Australian government, which believes the Optus hack was caused by a fundamental security vulnerability, has penalized the business for presenting the attack as sophisticated and failing to notify affected consumers.