Regulators are investigating whether Optus should pay compensation to nearly 10 million customers who had their personal data stolen in a massive hack of the telco’s systems.
Both the privacy and media regulators unveiled probes into the data breach on Tuesday, promising to investigate whether Optus took “reasonable steps” to protect the privacy of users.
The Office of the Australian Information Commissioner will look at “personal information handling practices” at Optus.
Meanwhile, the Australian Communications and Media Authority will probe whether Optus obtained, stored and disposed of user data as required by telco companies.
Australian information and privacy commissioner Angelene Falk said the investigations would coordinate with each other.
If the OAIC finds Optus interfered with user privacy, it could require Optus to compensate customers for damages and losses, and improve its cyber security practices.
Fines up to $2.2 million apply for breaking Australian privacy law, which would depend on a successful court prosecution.
The probes are the latest in a barrage of public scrutiny levied at Optus in the wake of the largest cyber attack in Australian history last month.
Some current and former customers had data including passport, medicare and license details stolen, while a larger number had their names, addresses, birthdays and emails taken by cyber criminals.
Though the purported hacker behind the data theft claimed to have deleted most of the information, there are about 10,200 users who’s data was shared online and cannot be retracted.
Regulators continue to warn Australians affected by the hack to remain vigilant against identity theft and personal scams.
Australian Competition and Consumer Commission boss Gina Cass-Gottlieb told a parliamentary committee on Tuesday that ScamWatch was receiving 600 complaints a day related to the Optus hack, with some people already reporting losses.
“What we can see is it’s only a small number of people who have become a victim to a scam, but many are alert to it and are most of all confused and anxious,” Ms Cass-Gottlieb said.
Optus vice president Andrew Sheridan said the telco will “engage fully” with the OAIC’s investigation.
“Optus is committed to working with governments and regulators as we respond to the impacts of the cyber attack,” he said in a statement.