Federal Minister for Cyber Security Clare O’Neil is “incredibly concerned” about new reports that the Medicare details of Australians are now being offered “for free and for ransom” after a data breach at Optus.
She said the government had never been informed that Medicare information had been compromised, with Optus previously only mentioning drivers licenses and passport numbers.
“I am incredibly concerned this morning about reports that personal information from the Optus data breach, including Medicare numbers, are now being offered for free and for ransom. Medicare numbers were never advised to form part of compromised information from the breach,” O’Neil said in a statement.
“Consumers have a right to know exactly what individual personal information has been compromised in Optus’ communications to them. Reports today make this a priority.”
In the statement, O’Neil said she wanted to reassure Australians affected that the full weight of the federal government’s cyber security capabilities were being used to help Optus respond to the breach.
It comes after Optus admitted that nearly 10 million current and former customers’ data had been accessed in a cyber-attack.
On Tuesday, the hackers released 10,000 records of customer data and threatened this would continue each day until Optus pays them $1.5 million.
Speaking to Laura Tingle on ABC’s 7.30 on Monday night, O’Neil said Australia was about a decade behind when it comes to privacy protections.
“I don’t want to blame this on the previous government, but I just want to note that we are probably a decade behind in privacy protections where we ought to be,” she said. “I would say we are about five years behind in cyber protections than where we should be given how fast things are moving.”
“When it comes to cyber protections, the previous government put in place a very significant piece of legislation that I think was very good start but it didn’t bring telecommunications companies into that legislation.
“What it’s meant is that I am more limited with telecommunications companies in terms of the power I have.”
O’Neil also said the cyber-attack at Optus “wasn’t a sophisticated attack”.
“We should not have a telecommunications provider in this country that has effectively left the window open for data of this nature to be stolen.”