After saying on live radio that every customer impacted by Australia’s largest-ever cyberattack had been alerted, an Optus official was left embarrassed when a victim called in and said she hadn’t.
The personal addresses, dates of birth, phone numbers, passport information, and driver’s license information of an estimated 11.2 million Optus customers may have been exposed in last week’s data breach.
Since then, an unknown hacker who claims to be responsible for the incident has threatened to release the data unless Optus pays a $1.5 million ransom in the cryptocurrency Monero.
In a call to the 2GB Breakfast Show on Monday, the telco’s head of corporate relations for regulatory and public affairs, Sally Oelerich, said: “For consumers whose data has been compromised due to this assault, we’ve now notified them.”
However, client Casey Robinson later called in to tell that her husband’s account had been hijacked as early as September 12 and that personal information such as his phone number had been exposed.
Ms. Robinson said that they had contacted Optus directly when Mr. Smith inquired as to whether the telecom had contacted her.
The radio presenter asked, “You haven’t heard from Optus about what you should do with your accounts.”
Nope, not even one email, Ms. Robinson retorted.
The question was then posed to Ms. Oelerich by Mr. Smith.
You claimed to have gotten in touch with everyone you believed to have had their data exposed, right? he questioned.
In response, Ms. Oelerich said, “As a consequence of this assault.”
You’re suggesting that Casey’s explanation is inapplicable to the situation? Mr. Smith retaliated.
After stumbling, Ms. Oelerich apologized to Ms. Robinson for leaking her husband’s information.
She said, “I wouldn’t want that on my worst enemy.”
The CEO then claimed that the telecom had notified every Optus customer who had been affected by the hack, but Mr. Smith pointed out that this wasn’t the case.
She began by saying, “I don’t think, well, I don’t know Casey’s specific circumstances or her partner,” before requesting Ms. Robinson’s information and pledging to personally follow up on her issue.
Earlier in the confusing interview, Ms. Oelerich claimed that she had personally experienced the cyberattack and had her license number exposed.
She avoided many inquiries concerning the assertions made by the hackers that they were responsible for the attack by responding that it was being looked into for Mr. Smith.
The accused hackers, she said, had not been in touch with Optus directly, so no one could “verify whether that was even real.”
Tech experts consider the hacker’s claims to be true, but Ms. Oelerich refused to say whether she felt they were true or not, stating she was following all recommendations to “protect consumers.”
The hackers posted a ransom demand on a website on Saturday morning, giving the operator one week to react.
If you’re reading, Optus! The cost to us to not sell the data is $1,000,000 USD. You have one week to make a decision,’ said part of the statement.
The warning comes as Optus customers express their annoyance on social media; some allege it took three days for Optus to begin contacting them directly.
The millions of Optus customers whose information had been exposed received an emotional apology on Friday morning from CEO Kelly Bayer Rosmarin.
She acknowledged that payment information and account passwords were secure but said she felt bad that the hack had occurred while she was in charge.
She remarked, looking dejected, “I guess it’s a combination of a lot of different feelings.”
Obviously, I’m upset that there are individuals out there who wish to harm our consumers, and I’m unhappy that we were unable to stop it.
“I’m sorry and I apologize deeply. It ought not to have occurred.