Loading

Last year, Australia’s information commissioner found Uber had breached the privacy rights of an estimated 1.2 million in the incident.

By going public early, Optus has headed off such damaging revelations down the track.

But it doesn’t mean there aren’t questions to answer: how was Optus storing and securing user data? What breach let the hackers in? Exactly how much data was taken?

These aren’t just questions for Optus.

Loading

Some of the largest and best defended internet companies have been hacked in recent months, including Microsoft.

In theory, Australia should be better placed than ever to defend against attacks like the one that hit Optus. Over the last two years, parliament passed laws that put extensive obligations on critical infrastructure companies, like telcos, to address cyber threats and notify authorities about major breaches.

The powers in the legislation are extraordinarily broad, allowing the government in some situations to “direct an entity to do, or refrain from doing, a specified act or thing”.

Those invasive powers were justified as being necessary to ensure that Australians are kept safe.

Now the government has the chance to prove to the public that they work – and to do so as openly as possible.

The Business Briefing newsletter delivers major stories, exclusive coverage and expert opinion. Sign up to get it every weekday morning.