Get all your news in one place.
100’s of premium titles.
One app.
Start reading
The New Daily
The New Daily
National
Derek Rose

Optus CEO says no customers were harmed in data hack

Optus CEO Kelly Bayer Rosmarin says none of the telco's customers suffered any financial harm after a hacker posted the details of thousands of them online. Photo: AAP

No Optus customer suffered financial harm as a result of the hack on the telecommunications provider, CEO Kelly Bayer Rosmarin says.

While Optus initially flagged 9.8 million customers could be “potentially impacted” in the September data breach, the details of 10,200 customers were actually exposed publicly, Ms Bayer Rosmarin told the Australian Financial Review Business Summit in Sydney on Wednesday.

“And more importantly, not a single customer has suffered any financial loss or fallen victim to a crime through misuse of this data,” she said.

Most of the customer details in the 20 terabytes of stolen data weren’t particularly sensitive – of the type that people regularly publish on their Facebook pages – but did include driver’s licence numbers that could be combined with other data for use in phishing attacks, she said.

The most likely scenario was the hacker wanted to use the data for SIM card swaps or phishing attacks, “which we shut down by going public so quickly and putting the whole nation on alert”, Ms Bayer Rosmarin said.

The data breach was the first of a wave of hacks last September and October that hit major Australian corporations including Medibank Private, EnergyAustralia and Woolworths.

Ms Bayer Rosmarin said Optus had done “serious soul searching” in the wake of the data breach and was “truly sorry” about it.

She said it might be reassuring for others to think Optus was an easy target or had under-invested in security but that wasn’t what happened.

“We can confirm that this attack was premeditated and that it was undertaken by motivated, skilled cybercriminals who crafted the attack just for Optus,” Ms Bayer Rosmarin said.

She said she could not elaborate because the hack was under active criminal investigation.

The hacker posted the details of the 10,200 Optus customers on the dark web when the company declined to pay a $1 million ransom.

“Everybody has a policy of not paying a ransom and as we know, a lot of companies do,” Ms Bayer Rosmarin said.

“Practising, rehearsing, whatever you want to do is not the same as being in the moment when you’re trying to do the right thing.

“So I think it is very absolutist to say never (pay a ransom).”

Ms Bayer Rosmarin said in this case, Optus didn’t pay one.

The CEO also faulted press coverage of the hack, saying it became “very clear” to her the media wasn’t always focused on providing “accurate, good reporting that was actually helping the public make sense of and responding to this incident”.

Some reports focused instead on “where I happened to be on a particular day or the name of my dog”, she said.

– AAP

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.