[haser_au]

The recent update to Cyber Security legislation in Australia specifically states that any major breach must be reported to the Australian Cyber Security Centre within 24 hours of becoming aware of it. "MAJOR" being subjective, but this easily qualifies.

There are significant penalties for not disclosing within this time period, which is why I think we are seeing this reported before Optus has a clearer plan of how to deal with it.

As a customer of Optus and cyber security trained professional, I'm very frustrated, to say the least.

[fblp]

Thank for that extra info on the obligatory reporting. Good for consumers to know now. I feel like this report could take months to come out in the US.