Powered by MOMENTUMMEDIA
For breaking news and daily updates, subscribe to our newsletter

Senate demands OAIC hand over details of AMEX investigation

The Office of the Australian Information Commissioner (OAIC) has been told it needs to hand over the full details of an investigation into American Express (AMEX) that found security issues following two insider security breaches.

Fri, 03 Jul 2026
Senate demands OAIC hand over details of AMEX investigation

Last month, the OAIC ordered AMEX to review its security and implement better access controls within six months, and to implement protections after two breach incidents by inside staff.

The OAIC then launched an investigation that found AMEX lacked appropriate security access controls. It then published a partial report of its findings.

However, the Senate has now demanded that the OAIC share its full findings, after Greens Senator David Shoebridge moved a motion in the Senate.

The privacy watchdog said it didn’t share the full report to protect its investigative process, as well as potential harm to individuals and cyber security risks for AMEX.

However, following the Senate motion, which passed with a 33-21 vote, OAIC has until 28 July to publish the full report and any related correspondence and documentation.

Shoebridge’s motion requires:

  • “The full text of the determination and the Australian Privacy Commissioner’s reasons;
  • “All correspondence between the OAIC and the complainant, or the complainant’s representatives, concerning confidentiality, publication or any restriction on disclosure;
  • “Any direction, requirement, request, deed, undertaking or agreement that restricts, or purports to restrict, the complainant from disclosing information about the complaint, the investigation, the determination or the outcome;
  • “All records of the OAIC’s decision regarding publication of the determination, including the determination regarding publication referred to in its public statements and the reasons for that decision;
  • “All correspondence between the OAIC and American Express Australia Limited, or its representatives, concerning confidentiality, publication, or any restriction on disclosure;
  • “Any file notes, minutes, briefings or legal advice held by the OAIC concerning the handling of confidentiality claims and the decision on publication or decisions on any restriction on disclosure, including the details of attendees at each meeting relating to those matters.”

The OAIC is yet to respond to the motion. Following its investigation, it ordered AMEX to pay the complainant for losses and issue a written apology, on top of the amendments mentioned above.

Cyber DailyWant to see more stories from trusted news sources?
Make Cyber Daily a preferred news source on Google.
Tags:

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.