Optus has disclosed that almost 9.8 million of its records were compromised, including personal information of current and previous customers.
This cyber security disaster may be the worst data leak in Australia's history. In Australia, the average cost of a data breach has risen by 2.6% from AUD$6.6 million in 2021 to $6.78 million in 2022.
The OAIC (Office of the Australian Information Commissioner) investigated Optus after three large data breaches because of internal errors and insufficient testing of its IT systems.
At that time, Optus agreed to:
Engage an appropriately experienced and qualified independent third-party auditor to review its compliance with the undertakings and determine whether its practices, procedures, and systems were reasonable in protecting the personal information it held.
Improve its change management monitoring.
Examine the organisation's vulnerability detection methods for the protection of personal information.
Examine the design of its primary IT systems.
Enhance its penetration testing.
In August 2022, the Australian Federal Court ordered Google to pay AUD$60 million in penalties for misleading representations to consumers.
The US Federal Trade Commission (playing a similar role in the US to the ACCC) entered the area of privacy compliance long ago.