Sam George’s claim about “unprecedented” data breach in Australia is misleading

On Monday, October 3, 2022, the Member of Parliament for Ningo-Prampram, Samuel Nartey George, stated on Accra-based Asempa FM that 12 million Australians have lost their personal data to a cyber-attack.

The MP said this while questioning the rationale behind the Ministry of Communications and Digitalization’s insistence on re-registering all SIM cards in Ghana with only the Ghana Card.

The National Democratic Congress lawmaker wondered why the data the ministry had gathered had not been “matched” with that of the National Identification Authority’s (NIA) database. He further asked, “what is the reason for gathering that biometrics” if the NIA, the producers of the Ghana Card, have not verified the data that has been collected.

He, therefore, expressed worry about how easily the data of Ghanaians could fall into the hands of unscrupulous people if care is not taken.

“Which company collected the biometrics? Those biometrics where are they going? Now, NIA has released a statement saying they have no idea about the biometrics being collected and they can’t verify it.”

While insisting that his efforts to shed light on the re-registration exercise was to “protect” the citizenry, he cited the data breach in Australia to back his argument.

Claim: “Just last week, a telecom company in Australia… they call it the biggest data breach in Australia. Peoples’ financial details and medical records have been leaked from their telecom company… Because they didn’t handle the data well, someone has stolen 12 million Australians’ information, 12 million. Just last week.”

Fact-Check Ghana has verified the actual number of Australians who lost their data and concludes that the MP’s claim is misleading.

Australia’s second-largest telco company, Optus, owned by Singapore Telecommunications, on September 22, 2022, announced that it had suffered a cyber-attack.

This drew massive criticism from the Australian public and its government. The government described the breach as “unprecedented,” blaming Optus that it “effectively left the window open” for sensitive data to be stolen.

After investigating the breach, Optus confirmed that the personal identification numbers of 2.1 million out of its 9.8 million customers have been stolen. However, although the data of the remaining 7.7 million customers, according to the company, are exposed, they do not need to replace their various identification documents.

The 2.1 million personal ID details include 150,000 passport and 50,000 Medicare numbers. Among the names, birth dates, phone numbers and email addresses which have been exposed include the driver’s licenses of the affected customers of Optus.

A statement by Optus on September 28, 2022 reads:

“Of the 9.8 million customer records exposed, we have identified 14,900 valid Medicare ID numbers that have not expired. All of the customers who have a Medicare card that is not expired will be contacted within 24 hours. There are a further 22,000 expired Medicare card numbers exposed. Out of an abundance of caution, they will also be contacted directly over the next couple of days.”

Optus CEO, Kelly Bayer Rosmarin, reiterated that her company is “in a position to say that 7.7 million customers do not need to take further action.”

Moreover, the 2021 annual report of Singtel, the mother company of Optus, shows that Optus has 10 million customers and 1.1 million Broadband users in Australia.

Sam George’s claim about the data breach is true. However, he misled the public by asserting that 12 million Australians have had their data stolen, whereas the actual number is 2.1 million.

The writer of this report, Edmund Boateng Agyemang, is a Fellow of the Next Generation Investigative Journalism Fellowship at the Media Foundation for West Africa.


John Kumah’s claim on Ghana being the third strongest currency in Africa false

Related articles