Following the probable theft of the personal information of around 10 million customers by foreign hackers, the CEO of Optus has apologised profusely.
The significant data breach gave hackers access to client information from the telecom, including passport and driver’s licence numbers, email and home addresses, dates of birth, and phone numbers.
Kelly Bayer Rosmarin, the company’s CEO, said she was “terrified” that the hack had occurred while she was in charge, despite the fact that financial information and account passwords had not been stolen.
She remarked, looking dejected, “I guess it’s a combination of a lot of different feelings.”
Obviously, I’m upset that there are individuals out there who wish to harm our consumers, and I’m unhappy that we were unable to stop it.
“I’m sorry and I apologise deeply. It ought not to have occurred.
Additionally, Ms. Bayer Rosmarin disclosed that the hackers’ IP addresses had travelled to other European nations, indicating that the attack was “advanced.”
She noted that it was still too early to determine if a criminal organisation or another state was behind the assault.
The allegedly stolen information dates back to 2017.
The stated amount of 9.8 million persons who had their data compromised, according to Ms. Bayer Rosmarin, was the “worst case scenario,” and Optus anticipated that the actual number would be substantially lower.
It’s a limited subset of data, she explained, and neither financial information nor passwords are included in it.
It follows criticism of Optus for delaying to notify millions of consumers that their personal information may have been taken for nearly 24 hours.
Vice President of Regulatory and Public Affairs for Optus, Andrew Sheridan, said that the business discovered the compromise late on Wednesday.
When 2GB anchor Ben Fordham questioned why they had held off on issuing a press statement until Thursday at 2pm, he was compelled to defend the telecom.
Fordham said that around 1pm on Thursday, The Australian newspaper was the first to report about the breach, with Optus publishing a statement an hour later.
Fordham remarked on his radio morning show on Friday, “You knew about it on Wednesday, but you didn’t issue a comment until The Australian newspaper ran the story on their website (on Thursday).”
“Why didn’t you notify your consumers the instant you were aware of this possible breach?” I said. “If you’re serious in safeguarding your customers.”
In relation to cyber issues, Mr. Sheridan said that there were “a number of actions” that needed to be done.
I believe we responded very, very rapidly in cases like these, he added.
Fordham then interrupted him and remarked that in his opinion, the telco had not responded swiftly enough.
He chided, “I’ve had to call you out on that Andrew, I don’t believe you’ve acted at all promptly.”
“We’ve seen many of these incidents in the past when firms have said,”We don’t know whether there has been a breach, there has been a possible breach, we want to tell you immediately”—you guys didn’t do that, you failed to do that.”
Although Mr. Sheridan declined to reveal how many consumers were impacted, he did say that the probe was still underway.
He stated that before notifying consumers, Optus has to validate the specifics of the hack and protect their network.
The company is reaching out to the affected millions of consumers.
No links provided in messages purporting to be from Optus should be clicked, customers have been warned.
Customers’ financial information and account passwords had not been hacked, according to Optus, which also stated it was collaborating with the Australian Cyber Security Centre to reduce the risk to both current and previous clients.
Other significant regulators, such as the Australian Federal Police and the Office of the Australian Information Regulator, have also been informed.
Optus users should be on the lookout for scammers posing as them online, said Alastair MacGibbon, chief strategy officer of cyber-security company CberCX and a former adviser to the prime minister.
According to him, people should be on the lookout for fraudsters who could be imitating them, stealing their identities, or attempting to get credit in their name, among other things, he told the ABC.
He said that Optus could protect the interests of its clients by investing in credit monitoring.
According to Mr. MacGibbon, “that way you will be tracked by credit monitoring agencies if someone has been using your identity and other data to acquire credit.”
Authorities and the telecom are still looking, so it’s unclear what the hackers were wanting at this time.
Voice calls, messaging, and home and mobile internet have not been impacted.
It affects both current and former Optus customers.