NEWS THAT MATTERS

Service NSW must protect

taxpayer’s data with Optus contract

It’s now no secret that millions of Optus customers and ex customers have had their personal information compromised after the telco was hacked - but where does this leave Service NSW customers?

30 September 2022

ALAN HAYES

 

SHADOW Minister for Customers Service and Digital, Yasmin Catley, said that Labor is calling on the Perrottet Government to ensure that taxpayer data, subject to a contract between Optus and Service NSW, is protected.

 

In August 2022, Optus was awarded a lucrative three-year multimillion dollar contract to manage the inbound service business for Service NSW.

 

After the recent cyberattack on Optus the Perrottet Government must ensure that all commercially sensitive and private customer data under this Optus contract is protected from hacking.

 

Under the Liberal Government, Service NSW has had a poor history when it comes to protecting taxpayers’ data.

 

A major data breach back in early 2020 affected more than 100,000 taxpayers’ personal information and resulted in taxpayers having to fork out up to $35 million to fix the problem.

 

NSW Shadow Minister for Finance, Anoulack Chanthivong said, “I urge the Liberal Government to immediately contact Optus about this lucrative multimillion dollar contract with Service NSW to ensure that strong measures are in place to protect taxpayers’ data from being hacked.

 

“The last thing NSW taxpayers need is for the Liberal Government through Service NSW to not properly manage this Optus contract and to underestimate the risks despite almost 10 million Australians having their personal details used as a ransom bargaining chip on the internet.

 

“Millions of dollars will be spent on this lucrative contract and every preventative measure must be undertaken to prevent data hacking and potentially millions more to be spent fixing the problem afterwards.”

 

Yasmin Catley, NSW Shadow Minister for Customer Service and Digital, said, “The current situation is causing every Optus customer great anxiety in having their personal details hacked and the NSW Government should be no different.

 

“I urge the Liberal Government to take the potential risks in this contract seriously and work with Optus to prevent any inbound business services taxpayer data being hacked.”

 

The Perrottet Government has no alternative than to guarantee Service NSW customers that they have immediately put in place steps to prevent data being hacked, since it has already been reported that Optus resisted calls to boost its cyber security.

 

The federal government’s response to the Optus cyberattack all but confirms that the alleged hacker, who tried to extort the company, is the real deal — and that’s bad news for those affected.

 

And how did Optus respond to current and former customers? Not in a timely manner – the data breach was reported by the media long before Optus put ‘pen to paper’.

 

As a former Optus customer, I, and no doubt along with millions of other people on the Optus database, received an email on Wednesday 28 September 2022 an email informing me what had happened – the Optus snail must have been struggling to reach the computer keyboard!

 

The email letter open with: “It is with great disappointment I’m writing to let you know that Optus has been a victim of a cyberattack. As a former Optus customer this has resulted in the disclosure of some of your personal information.

 

“The information which has been exposed is a combination of your name, date of birth, email, phone number and/or address associated with your former account.

 

“Look out for any suspicious or unexpected activity across your online accounts, including your bank accounts. Make sure to report any fraudulent activity immediately to the related provider.”

 

That’s enough information for any fraudster to salivate over!

 

Optus confirmed in their letter that no ID document numbers or details have been affected, yet Home Affairs and Cyber Security Minister Clare O’Neil released a statement said she was troubled by reports about Medicare numbers being leaked: “Medicare numbers were never advised to form part of compromised information from the breach.”

 

Despite Optus denying that Medicare data had not been compromised it has now been confirmed that Medicare details were obtained in the cyberattack –not only Medicare information but passport and driver’s licence details as well.

 

Medicare numbers are widely accepted as proof of ID for those who don't have a driver's licence or a passport, as many Australians don't. How valuable is that data to criminals, especially people engaged in identity theft?

 

Minister for Health and Aged Care Mark Butler said, “Well, all of this data is obviously of potential value to criminals, and that's why consumers are rightly so concerned, almost ten million of them, at the loss of that data from this huge breach of Optus’ data held.”

 

Attorney-General Mark Dreyfus and Health Minister Mark Butler reiterated concerns about Medicare details being made public, the latter saying the government was considering allowing people to get new Medicare numbers.

 

The cavalier and negligent attitude by Optus in protecting its collected data from Cyberattack is outrageous and begs the question: how safe was the Service NSW data at the time of the attack?

 

Although Optus said in their customer letter, “Upon discovering the cyberattack, we immediately took action to shut it down to protect your information”, the horse had already bolted.

 

“We apologise unreservedly and are devastated this could occur. We are working as hard as possible with the relevant authorities and organisations to ensure no harm comes from this unfortunate occurrence,” Optus said.

 

No amount of apologising should let Optus off the hook for their negligence in not adequately protecting personal information gathered and at the very least they should be held to account for any financial loss suffered by its current and former customers.

 

Minister Mark Butler has confirmed that all the resources of government are going into protecting consumers in the face of this extraordinary breach of their personal data.

 

“At the state level, state governments are looking at the consequences for driver's licences and so on.”

 

Yesterday morning the NSW Premier said that that any concerns around the security of details through Service NSW are unfounded and that everything is secure. Yet despite that brief announcement the Perrottet Government have not given any assurance to customers from Optus that their personal information, when it comes to Service NSW, is secure and it hasn't been compromised.

 

NSW Shadow Minister for Customer Service and Digital, Yasmin Catley said that her office has been constantly in touch with the government but are frustrated that they are not forthcoming in revealing whether steps have actually been taken to protect inbound Service NSW data through the Optus portal.

 

To clarify if the Perrottet Government is confident that Service NSW is secure and hasn't or will not be hacked through the Optus portal, the Grapevine contacted the office of Central Coast parliamentary secretary Adam Crouch, via email, and asked the following question: "Can you please confirm what arrangements have been made by the NSW Government to ensure inbound data to Service NSW, through the Optus portal, has been protected against cyberattack.

 

"The story goes live tomorrow morning, so your comments would be appreciated this afternoon."

 

There wasn't even the courtesy of a reply!

SUBSCRIBE FOR FREE to the Grapevine News Online and to the monthly e-book edition of the Grapevine Community News. You will receive an email notification every time a news story goes live, keeping you up to date with what is happening in your community.

Submitting Form...

The server encountered an error.

Subscription received.

Our online news platform and monthly newspaper is about real local news and events. We will not spam you or share your details with third parties.