Optus blasted by Ben Fordham for failing to immediately alert customers of massive data breach
>
Optus has been sued for failing to tell nearly 10 million customers that their personal information may have been stolen by hackers for a day.
The massive cyber breach allowed hackers to access personal information, such as passport and driver’s license numbers, email and home addresses, dates of birth and phone numbers, of approximately 10 million Australians.
Optus Regulatory and Public Affairs Vice President Andrew Sheridan said the company learned of the breach late Wednesday.
He was forced to defend the telco when 2GB host Ben Fordham wondered why they had waited until 2pm Thursday to release a press release.
Optus has been sued for waiting nearly 24 hours to tell nearly 10 million customers that their personal information may have been stolen by hackers
Fordham said the Australian newspaper first released news of the breach at 1 p.m. on Thursday, with Optus issuing a release an hour later.
“You knew on Wednesday… it wasn’t until the Australian newspaper plopped the story on their website (Thurs) that you released a statement,” Fordham said on his radio breakfast program Friday.
“If you want to protect your customers, why didn’t you warn them as soon as you were aware of this potential breach?”
Mr Sheridan said there were “a number of steps” to be taken in the event of cyber incidents.
“When you look at incidents like this, I think we acted very, very quickly,” he said.
He was then cut off by Fordham, who said he didn’t think the telco had acted fast enough.
“I have to warn you about this Andrew, I don’t think you acted fast at all,” he said.
Optus Regulatory and Public Affairs Vice President Andrew Sheridan said the company learned of the breach late Wednesday. Optus only issued a press release on Thursday
“We’ve seen a lot of these cases in the past where companies have said, ‘We don’t know if there’s been a breach, there’s been a potential breach, we want to warn you right away'” – you don’t have that, you have that not done.’
Mr Sheridan would not confirm the number of customers affected but said the investigation is still ongoing.
He added that Optus had to confirm the details of the breach and secure their network before warning customers.
The telco contacts the millions of affected customers.
Optus said users’ payment information and account passwords had not been compromised and that it was working with the Australian Cyber Security Center to mitigate the risk to both current and former customers.
The Australian Federal Police, the Australian Information Regulator’s Office and other key regulators have also been notified.
Alastair MacGibbon, chief strategy officer at cybersecurity firm CberCX and a former adviser to the prime minister, said Optus customers should watch out for criminals impersonating them online.
“They should find out if criminals are impersonating them, or stealing their identities, trying to get credit in their name…etc,” he told ABC.
He said Optus can protect their customers’ interests by paying for credit monitoring.
“That way you will be checked by credit monitoring services if someone has used your name and other details to get credit,” Mr MacGibbon said.
It remains unclear what the hackers were looking for at this stage, the authorities and the telco are still under investigation.
Optus said users’ payment information and account passwords had not been compromised and that it was working with the Australian Cyber Security Center to mitigate the risk to both current and former customers.
Optus chief executive Kelly Rosmarin said the company was working with the Australian Federal Police to investigate the attack.
“We are devastated to learn that we have been the victims of a cyber attack that resulted in the disclosure of our customers’ personal information to someone who should not see it,” she said in a statement.
“As soon as we knew, we took action to block the attack and immediately launched an investigation. While not everyone may be affected and our investigation is not yet complete, we want all of our customers to be aware of what happened as soon as possible so they can increase their vigilance.
“We are very sorry and we understand that customers will be concerned. Rest assured that we are working hard and collaborating with all relevant authorities and organizations to help protect our customers as much as possible.”
She said customers’ payment details had not been compromised, but advised them to check their bank accounts for suspicious activity.
‘Optus has also informed important financial institutions about this. While we are not aware of customers who have been harmed, we encourage customers to raise awareness about their accounts, for example by looking for unusual or fraudulent activity and reports that appear strange or suspicious.”
Mobile internet and internet at home, as well as messages and voice calls are not affected.
Both past and current Optus customers have been affected.