Any company that has had a data breach like this is obliged, where there’s serious harm, to notify the Privacy Commissioner and notify their customers. Regrettably, Optus left out of the notification initially that some Medicare numbers, in addition to passport numbers and driver’s licence numbers, were included in the data breach.
Read full article on The Guardian