OAIC statement on Optus data breach
The OAIC has been contacted by Optus and made aware of their data breach.
The OAIC will engage with Optus to ensure compliance with the requirements of the Notifiable Data Breaches (NDB) scheme in accordance with our usual process.
Under the NDB scheme, organisations covered by the Privacy Act 1988 must notify affected individuals and the OAIC as quickly as possible if they experience a data breach that is likely to result in serious harm to individuals whose personal information is involved.
The NDB scheme ensures individuals are informed and can take steps to protect themselves from any further risk. Following a breach, individuals need to be alert to any suspicious or unexpected activity on their personal accounts or devices.
Under the Privacy Act, organisations have obligations to protect against unauthorised access, unauthorised disclosure or loss of personal information. When a breach occurs, an organisation should contain the breach and take remedial action.