Australia mulls tougher cybersecurity laws after data breach
The incident was 'an unprecedented loss of customer information in Australian history,' said Cybersecurity Minister Clare O'Neil to Australian Broadcasting Corporation.
The second-largest wireless carrier in Australia, Optus, was held accountable by the Australian government for an unprecedented data breach involving 9.8 million customers' personal information. The Australian government announced on Monday that it is considering tougher cybersecurity regulations for telecommunications companies.
The day before the cyberattack, which resulted in the theft of the personal information of 9.8 million persons out of Australia's 26 million residents, Optus said last Thursday.
According to Australian Broadcasting Corporation, the attack was an 'unprecedented loss of consumer information in Australian history.'
'Significant amounts of personal data,' including licence and passport information, were exposed for 2.8 million present and former Optus users, according to O'Neil.
According to her, fraud and identity theft pose a serious threat to those 2.8 million people.
'The breach is of a sort that we should not expect to see in a big telecommunications company in this nation,' O'Neil said in a statement to the legislature.
Such a violation might incur sanctions 'amounting to hundreds of millions of dollars' in some nations, according to O'Neil.
Currently, Optus cannot be penalised for the violation under Australian law.
A breach of this scope and magnitude will result in a significant reform effort, according to O'Neil. She went on to say that 'one important question is whether the cybersecurity obligations that we set on large telecommunications providers in our nation are appropriate for the task at hand.'
The Australian Federal Police said in a statement that they were looking into claims that the stolen data had already been sold.
According to the statement, Australian investigators are collaborating with foreign law enforcement organisations to identify the perpetrators of the attack and to protect the public from identity fraud.
According to authorities, the AFP 'will not publish what information it has received in the initial few days' of the probe 'to maintain the integrity of the criminal investigation.'
Jeremy Kirk, a cybersecurity author based in Sydney, claimed he used an internet forum for thieves to ask a person who claimed to have downloaded the Optus data how it was obtained.
According to her, Optus appears to have left an open application programming interface (API), a piece of software that enables communication and data exchange between different systems.
Kirk told Ten Network television, 'It seems like there was a failure to secure the software system, so anyone on the internet could locate it.'
O'Neil didn't go into specifics about how the incident happened, only that it was 'quite a basic attack.'
She claimed that Optus had 'essentially left the window open for the theft of data of this sort.'
Later on Monday, Optus, a Sydney-based corporation, complied with O'Neil's request to provide free credit monitoring to customers whose data was compromised, in order to safeguard them from identity theft.