The Australian Communications and Media Authority (ACMA) has advised Singtel Optus Pty Limited (Optus) that it has commenced a formal investigation in response to the September 2022 Optus data breach.
The ACMA will investigate the data breach in regard to Optus’ obligations as a telecommunications service provider. These include obligations relating to the acquisition, authentication, retention, disposal and protection of personal information, and requirements to provide fraud mitigation protections.
The ACMA’s investigation will take some time and will be made public once completed. The ACMA will not be commenting further as the investigation progresses.
The ACMA is working in conjunction with the Office of the Australian Information Commissioner and the Department of Home Affairs to ensure effective information-sharing across the respective jurisdictional investigations.
Quote from ACMA Chair, Nerida O’Loughlin
“When customers entrust their personal information to their telecommunications provider, they rightly expect that information will be properly safeguarded. Failure to do this has significant consequences for all involved.
All telcos have obligations regarding how they acquire, retain, protect and dispose of the personal information of their customers. A key focus for the ACMA will be Optus’ compliance with these obligations.
We look forward to full cooperation from Optus in this investigation.”