On Friday, Optus publicly admitted that the personal information of 9.8 million customers had been extracted from its database, most of the country’s adult population. It is the largest cybersecurity breach in Australian history.
On Saturday, O’Neil and Albanese coordinated the government’s response in phone calls with half a dozen other ministers. They worked all weekend with hundreds of officials in various departments.
While the ASD and the Federal Police worked to find the culprit, other departments were activated to prevent the misuse of the personal data of these 9.8 million people to access all kinds of systems.
For example, Treasurer Jim Chalmers activated financial system regulators to protect bank accounts, Foreign Secretary Penny Wong was tasked with protecting the passport system, Health Minister Mark Butler the health system, etc. .
On the same day, O’Neil and Albanese spoke with Optus CEO Kelly Bayer Rosmarin. O’Neil urged her to immediately clarify with all Optus customers what information had been taken. A week later, Optus still hasn’t done it completely.
O’Neil, a Melburnian and therefore necessarily a football fanatic, had planned to go to the AFL Grand Final on Saturday. She canceled, just posting a generic good luck tweet, as she worked on the Optus issue. On the same day, she tweeted her first public response to Optus’ breach.
Opposition Leader Peter Dutton later complained that “Clare O’Neil has essentially been absent from action on this issue” and that she “found time to tweet about football and about all this, while people were placed in a vulnerable situation”. position”.
The alleged thief publicly demanded a $1 million ransom from Optus. He or she would leak the details of 10,000 Optus customers every day until they are paid.
The first batch was posted openly on the web on Tuesday, exposing a fact that Optus had not mentioned – that the thief had taken thousands of customers’ Medicare card numbers.
The government’s immediate concern was to prevent this treasure from being used as a base for large-scale identity theft – the details could be used by any criminal to apply for credit while impersonating the one of the victims, or applying for a job, or applying for government benefits.
When the alleged thief withdrew the ransom note and deleted the details of the 10,000 from the web, apparently panicked – “too many eyes. We will not sell data to anyone” – this did not solve the problem.
The personal information of these 10,000 people had already been copied onto the web for exploitation. Thus, on Friday, the federal police announced Operation Guardian to “focus on key measures to help protect affected customers”.
A task force would monitor online forums, the internet and the dark web and work with the private sector to detect criminal activity.
The episode in general prompted the Albanian government to correct a series of regulatory loopholes that the Morrison government had left behind.
For example, Clare O’Neil expressed outrage that the only fine Optus could be required to pay under current law is $2.1 million for violating the Protection of Life Act. private, whereas if it had done the same thing in Europe, it would be liable to hundreds of millions in fines.
Attorney General Mark Dreyfus has pledged an urgent review of privacy law to better protect personal data. Businesses should check driving licenses and passports to verify identity, he said, but there was no reason to record and retain the data. Companies needed to stop viewing customer data as an asset and realize it was a liability, he said.
The government felt under-equipped to demand that Optus treat its customers fairly. The government had to pressure him to offer his customers the services of a credit bureau and to pay the cost of replacing passports for people whose contact details were compromised, for example.
The Morrison government commissioned a 2019 review into identity theft – the Wilkins report. She found that half a million identity documents were stolen or lost each year. On average, individuals spent 23 hours dealing with 37 different organizations trying to overcome the effects. He recommended a new agency to coordinate identity theft protection and recovery, as reported by Tom Burton in the Australian Financial Review this week. But the Morrison government shelved the report and did nothing.
Clare O’Neil lamented that Australia is “five years behind on cybersecurity laws and 10 years behind on privacy”. She intends to carry out a thorough review of cybersecurity legislation, turning the crisis into an opportunity to make Australia a global leader.
The government’s handling of the crisis has been remarkable. Not only because it was relatively efficient and useful. But because of everything that is happening around him.
This week, the government managed to introduce legislation in Parliament on four of its election commitments – reducing the price of medicines under the Pharmacy Benefits Scheme, repealing the cashless debit card, reducing the cost of childcare children for 96% of families and create a National Commission against Corruption.
At the same time, he handled the Optus crisis. And provided a solution to another crisis that erupted after he took office – the impending lack of gas supply in eastern Australia. Resources Minister Madeleine King cajoled and coerced the big three gas companies into guaranteeing that they would meet all supply needs. They signed the guarantee this week.
And simultaneously, Albanese this week cemented relationships with US Vice President Kamala Harris, Japanese Prime Minister Kishida Fumio and India’s Narendra Modi, among others.
Calmly handling major crises with one hand while simultaneously introducing major reforms and managing the day-to-day business of government with the other is an impressive display of political ambidexterity. This has been rare in recent Australian experience.
The secret to government success? Albanians delegate to their ministers and trust them to do their job. Scott Morrison was an obsessive centralizer and micromanager. Albanese operates as chairman of the board rather than chief executive. Bob Hawke defined the model and Albanese proposes to imitate it.
One of his sayings: “You can’t run the government from the Prime Minister’s office. A government functions well when all of its components function well.
Peter Hartcher is a political editor.