The cyberattack on Optus has spotlighted a legal quirk that means corporations don’t have to tell anyone they’ve been hacked.

A spokesperson for Attorney-General Mark Dreyfus told Crikey the federal government is considering plugging the loophole, which allows organisations that have been hacked to keep it a secret.

“Millions and millions of Australians have been affected by the Optus data hack and are rightly concerned about the loss of their personal information,” the spokesperson said.