Peter Khalil (Wills, Australian Labor Party) Share this | Link to this | Hansard source

My question is to the Minister representing the Minister for Home Affairs. The cyberattack on Optus and theft of personally identifiable Australian customer data is of great concern. Can the minister update the House on the breach and the steps being taken to protect the privacy of Australians' data?

Mark Dreyfus (Isaacs, Australian Labor Party, Cabinet Secretary) Share this | Link to this | Hansard source

I thank the member for Wills for his question. Australians expect that when they hand over their personal data every effort will be made to keep it safe from harm. We know that millions of Australians have been impacted by the Optus data breach. It is a data breach which should never have happened. It involved the release of Australian citizens' names, dates of birth, phone numbers, email addresses, residential addresses and, for some customers, passport numbers and drivers licence numbers, which are apparently for sale on the dark web. We were concerned this morning about reports that personal information from the Optus data breach apparently also includes Medicare numbers. Medicare numbers were never notified as forming part of the breach.

I can say that Optus has a clear obligation to notify affected individuals, which of course includes both past customers of Optus and present customers of Optus. Optus has a clear obligation to notify both the affected individuals and the Australian Information Commissioner when a data breach involving personal information is likely to result in serious harm. Consumers have also got a right to know exactly what individual personal information has been compromised in Optus's communications to them.

While we of course will not go into the technical assistance and cybersecurity advice that is being provided to Optus, we can reassure Australians that the whole of the Australian government is working to address the consequences of this breach. In particular, the Australian Federal Police is devoting huge effort, with a large number of officers working on this. The Australian Federal Police is working with industry, working with state and territory police forces and also working with the FBI to address the consequences of this breach.