Canberra: Two Australian watchdogs on Tuesday announced that they have commenced formal investigations into Optus, in response to the telco’s September data breach affecting up to 10 million customers.
The Office of the Australian Information Commissioner (OAIC) said in a statement that its investigation would inspect the personal information handling practices of Optus Mobile, Optus Internet and their parent company Singtel, reports Xinhua news agency.
The investigation will focus on whether the companies took reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure, whether the information they collected and retained was necessary to their business, and whether they complied with the Australian Privacy Principles.
In September, Optus, Australia’s second-largest mobile network operator, said a cyber attack had exposed the data of up to 10 million current and former customers, with 2.8 million people significantly affected.
According to the statement, if the investigation finds serious and/or repeated interferences with privacy in contravention of the Australian privacy law, then the Commissioner has the power to seek civil penalties of up to A$2.2 million for each contravention.
The OAIC’s investigation will be coordinated with that of the Australian Communications and Media Authority (ACMA), which was also announced on Tuesday.
“All telcos have obligations regarding how they acquire, retain, protect and dispose of the personal information of their customers. A key focus for the ACMA will be Optus’ compliance with these obligations,” said Nerida O’Loughlin, ACMA’s chair.