Optus has admitted to three data breaches, affecting more than 300,000 customers, and told the Australian Privacy Commissioner it will embark on an independent review of its IT security systems.
Privacy Commissioner Timothy Pilgrim began investigating the security breaches in July after Optus notified Pilgrim of the three incidents. Pilgrim said Optus took steps to contain the incidents after it become aware of them and cooperated with the OAIC.
‘I appreciate the positive way in which Optus worked with our office to address these incidents. I consider that the enforceable undertaking is an appropriate outcome that will ensure Optus takes steps to strengthen its privacy controls and meet its security obligations under the Privacy Act,” Pilgrim said.
The data breaches highlight concerns from privacy groups, industry and certain members of parliament that files under the Government’s recently passed data retention legislation will be at risk from hackers.