Raff Ciccone (Victoria, Australian Labor Party) Share this | Link to this | Hansard source

My question is to the Minister representing the Minister for Home Affairs, Senator Watt. The cyberattack on Optus and the theft of personally identifiable customer data is of great concern. Can the minister please update the Senate on the breach and the possible impact on Australians?

Murray Watt (Queensland, Australian Labor Party, Minister for Agriculture, Fisheries and Forestry) Share this | Link to this | Hansard source

Thank you, Senator Ciccone. You're right; this is a matter of great concern to all Australians. Australians expect when they hand over their personal data that every effort will be made to keep it safe from harm. We know that millions of Australians have been impacted by the Optus data breach. This data breach, let's be clear, should not have happened. It involved the release of Australian citizens' names, dates of birth, phone numbers, email addresses, residential addresses, and, for some customers, passport and drivers' licence numbers being for sale on the dark web—completely unacceptable.

As the government, we were incredibly concerned this morning about further reports that personal information from the Optus data breach also includes Medicare numbers. Medicare numbers were never advised to have formed part of compromised information from this data breach. Optus has a clear obligation to notify affected individuals and the Australian Information Commissioner when a data breach involving personal information is likely to result in serious harm. Consumers also have a right to know exactly what individual personal information has been compromised in Optus's communications to them.

Yesterday the Minister for Home Affairs called on Optus to provide more support to impacted customers. I was pleased that Optus made a commitment to provide free credit monitoring to impacted consumers. This will help protect consumers against identity theft as a result of this breach. I know all my government colleagues are of the same view. The government expects Optus to continue to work with customers to help them understand the impact on them and what Optus can do to help. Optus owes the Australian public a full explanation—nothing less.

Sue Lines (President) Share this | Link to this | Hansard source

Senator Ciccone, first supplementary?

Raff Ciccone (Victoria, Australian Labor Party) Share this | Link to this | Hansard source

Thank you for that response, Minister. Can you please outline the steps the Australian government is taking in response to the data breach?

Murray Watt (Queensland, Australian Labor Party, Minister for Agriculture, Fisheries and Forestry) Share this | Link to this | Hansard source

Thank you, Senator Ciccone. As the Minister for Home Affairs said yesterday, and as I repeated in this chamber yesterday, very substantial support has been provided by the Australian government since this data breach was revealed. I want to credit the work of the Australian Signals Directorate, the Australian Cyber Security Centre and the Australian Federal Police for their support.

The Attorney-General has also announced today that the Federal Bureau of Investigation is also assisting the AFP with this investigation, which shows the reach of this data breach. The Privacy Commissioner is currently working with Optus to obtain further information to determine whether she will conduct a formal investigation. While we will of course not go into the technical assistance and cybersecurity advice being provided to Optus, we want to reassure Australians that the full weight of cybersecurity capabilities across government, including the Australian Signals Directorate, the Australian Cyber Security Centre and the Australian Federal Police, are working around the clock, along with ministers, to respond to this breach.

Sue Lines (President) Share this | Link to this | Hansard source

Senator Ciccone, a second supplementary.

Raff Ciccone (Victoria, Australian Labor Party) Share this | Link to this | Hansard source

Again, I thank the minister for that answer. Could the minister please outline how this government's approach to cybersecurity contrasts with the previous administration?

Murray Watt (Queensland, Australian Labor Party, Minister for Agriculture, Fisheries and Forestry) Share this | Link to this | Hansard source

Thank you, Senator Ciccone. This is a very important point that I know Senator Wong was also going to in her answer to Senator Paterson's questions. I have outlined the approach that this government have taken in the short time that we've been in office in response to cybersecurity in general, and in response to this particular data breach. The contrast to the inaction and sloth that we saw, for 10 years, from the then government could not be greater.

To give you one example: in March 2019—over three years ago—the then Attorney-General Mr Porter stated that 'existing protections and penalties for misuse of Australians' personal information fall short of community expectations'. That was three years ago. He followed it up by finally introducing legislation in June 2019, saying, again, that penalties needed to be increased for data privacy breaches. That legislation then sat around doing nothing for three years. Further legislation was introduced just before the election—and nothing happened. I noticed Mr Tehan this morning said the former government was 'asleep at the wheel'. Here is yet another example of it doing so. (Time expired.)