The commissioner responsible for investigating the Optus hack has revealed the telco’s collection of personal data may have gone beyond its legal requirements.
Optus has confirmed 2.1 million customers had at least one form of identification and personal information accessed by hackers.
Information Commissioner and Privacy Commissioner Angelene Falk said she believes Optus might have gone “beyond the scope” of the data they needed to hold.
“In some cases I think it does go beyond the scope,” Ms Falk said on Sunrise on Tuesday.
“If we are buying clothes online, our retailer needs to know who they’re dealing with enough to send us the clothes that we bought and also our address – they don’t need to know our date of birth.
“We need to get back to basics. What is the information needed for this product or service? And make sure only that information is being collected.”
Ms Falk said the commission was continuing to investigate the information that Optus collected and the length of time it was held for.
The company released a video statement from chief executive Kelly Bayer Rosmarin on Monday evening confirming just how many people’s data had been compromised in the hack.
“Optus has communicated with these customers and recommended that they take action to change their identification documents,” the company said in a statement.
Optus said of the 9.8 million customers whose data was hacked, it believed 7.7 million did not need to replace documents.
The 2.1 million personal ID details include 150,000 passport and 50,000 Medicare numbers.
These 7.7 million Australians are still warned to be on alert for scammers, as data such as email addresses, dates of birth and phone numbers were taken.
It was also announced that an external review would be conducted into how the data was breached.
Consulting agency Deloitte will conduct the probe into the embattled telco’s cybersecurity systems, controls, processes and the circumstances surrounding the cyber attack.
“This review will help ensure we understand how it occurred and how we can prevent it from occurring again,” Ms Bayer Rosmarin said.
In a statement, Optus said the review was recommended by Ms Bayer Rosmarin and was supported unanimously by the board of Singtel, the telco’s parent company.