Optus executive fails to answer questions about data breach that affects 11 million customers
>
An Optus executive turned red after claiming on live radio that every customer affected by Australia’s biggest cyber attack ever had been informed – only for a victim to call in and claim she hadn’t been told.
It is estimated that the personal addresses, dates of birth, phone numbers, passport details and driver’s licenses of Optus customers from the past week may have been hacked in last week’s data breach.
A mysterious hacker claiming to be behind the breach has since demanded Optus hand over $1.5 million in ransom in the form of cryptocurrency Monero, or they will publish the data.
On Monday, Sally Oelerich – the telco’s director of business affairs for regulatory and public affairs – called in on the 2GB breakfast program and said: ‘For customers whose data has been compromised as a result of this attack, we have now informed them’.
But customer Casey Robinson then called and reported that her husband’s account had been hacked and that personal information such as his phone number had already been hacked on Sept. 12.
Optus Director of Corporate Affairs Regulatory and Public Affairs Sally Oelerich turned red when she told 2GB’s Chris Smith that all concerned Optus customer had been contacted by the telco – just for a woman to call and say they hadn’t
A mysterious hacker who claims to be behind the breach has since demanded Optus to hand over $1.5 million in ransom in the form of cryptocurrency Monero, or they will publish the data
When Mr Smith asked if the telco had contacted Ms Robinson, she said they had contacted Optus themselves.
‘You were not informed by Optus what to do with your accounts?’ said the radio host.
“Not at all, not a single email,” Mrs. Robinson replied.
Mr Smith then put the question to Mrs Oelerich.
“You said you contacted everyone who you thought had their data hacked?” he said.
2GB radio host Chris Smith has asked several questions to the Optus manager about the breach that may have affected more than 11 million customers
Mrs. Oelerich replied, “As a result of this attack.”
“You’re saying Casey’s scenario doesn’t fit the circumstances!?” Mr. Smith hit back.
Ms. Oelerich then stumbled before apologizing to Ms Robinson for violating her husband’s records.
“It’s not something I would wish on my worst enemy,” she said.
The director then said all Optus customers affected by the breach had been contacted by the telco before Mr Smith pointed out that this was not the case.
“I don’t believe, well, I don’t know Casey’s individual circumstances or her partner,” she said, before asking for Ms. Robinson’s details and promising to personally follow up on her case.
Earlier in the messy interview, Ms Oelerich said she herself had been the victim of the cyber attack and her driver’s license number had been hacked.
She dodged several questions about claims from the hackers claiming to be behind the attack, instead telling Mr Smith that the matter was under investigation.
It is estimated that personal addresses, dates of birth, phone numbers, passport details and driver’s licenses have been compromised for 11.2 million Optus customers
She added that the alleged hackers had not contacted Optus directly and were unable to “validate whether that was even legitimate.”
Tech experts believe the hacker’s claims are legitimate, but Ms Oelerich declined to answer whether she thought it was real or not, saying she was doing everything she was advised to “protect customers.”
On Saturday morning, the ransom demand appeared on an online forum, with the hackers warning the telco they had a week to respond.
‘Optus if you read! price for us not to sell data is 1,000,000$US We give you 1 week to decide,” read part of the message.
The warning comes as Optus customers take to social media to express their frustration, with some claiming it took three days for Optus to start contacting them personally.
Pictured: Optus CEO Kelly Bayer Rosmarin
On Friday morning, CEO Kelly Bayer Rosmarin issued an emotional apology to the millions of Optus customers whose data had been compromised.
She confirmed that payment details and account passwords were protected, but admitted that she was “terrible” that the breach had taken place under her supervision.
“I think it’s a mix of a lot of different emotions,” she said dejectedly.
“Of course I’m angry that there are people who want to do this to our customers, I’m disappointed that we couldn’t have prevented it.
‘I am very sorry and apologise. It shouldn’t have happened.’