Two Australian regulators said on Tuesday they have opened investigations into Optus, the country’s No. 2 telecoms provider, after a breach of its systems resulted in the theft of personal data from up to 10 million accounts.

The Office of the Australian Information Commissioner (OAIC) was focused om whether the Singapore Telecommunications Ltd-owned company took reasonable steps to protect customer data and comply with privacy laws. While the Australian Communications and Media Authority (ACMA) said it was investigating whether the telco met its industry obligations as a #telecommunications provider in terms of the keeping and disposing of personal data.

The OAIC said in a statement if it finds that “interference with the privacy of one or more individuals has occurred”, it may force Optus to take steps to ensure the breach cannot be repeated.

The agency added that it finds there was a breach of Australian privacy law, it can seek civil penalties of up to A$2.2 million per contravention.

Australian Competition and Consumer Commission Chair Ms. Gina Cass-Gottlieb told a parliamentary hearing the regulator was receiving 600 calls a day from people concerned about the Optus breach, although few had been scammed as a result.