Optus Data Breach

The biggest data breach in Australian history has compromised 40 percent of the total population.

Optus, Australia’s second largest telecommunications company, announced on September 22 that identifying details of up to 9.8 million customers were stolen from their customer database. 

OPTUS is Singtel Optus Pty Limited, headquartered in NSW, and is a wholly owned subsidiary of Singapore Telecommunications Limited, a Singaporean telecommunications conglomerate commonly known as Singtel. 

Singtel is also the second-largest company by market capitalisation listed on the Singapore Exchange and is majority owned by Temasek Holdings, the investment arm of the Singapore government. (from Wiki)

Singtel Optus has repeated lobbied against proposed changes to the privacy laws in Australia.

In (2020) they lobbied against customers having the power to take direct legal action over privacy breaches. Optus argued it “could lead to frivolous or vexatious claims, and would not give people greater control over their personal information.

Optus also lobbied against changes to  Australian privacy laws that would give customers the right to request their data be destroyed. Stating there were “significant hurdles” to implementing such a system and it would come at “significant cost”.

Optus CEO Kelly Bayer Rosmarin said the telco was “devastated to discover” the attack, which “has resulted in the disclosure of our customers’ personal information to someone who shouldn’t see it… As soon as we knew, we took action to block the attack and began an immediate investigation,” she said.

Optus maintains it has strong cybersecurity protections. However it appears Optus did not remove previous customer information…. It also appears that human error likely led to the attack…

Home affairs minister, Clare O’Neil, gave details to parliament on Monday, asserting the Optus data leak and says the hack should not have happened.

https://www.dailymotion.com/video/x8dz4u1

Optus announced that the “most affected” current and former customers would get access to a 12-month subscription to credit monitoring by Equifax Protect.

Equifax is a credit agency that due to lax cybersecurity measures allow ed hackers to steal credit files on 147 million Americans in 2017. Data stolen included Social Security numbers, dates of birth and thousands of payment card records.

Equifax was fined $700 million when congressional committees and security experts discovered that Equifax had not properly rolled out publicly released patches on its network months prior to the data breach.

The NSW Minister for customer service and digital government Victor Dominello announced on LinkedIn that the NSW government has set up a helpline for citizens affected by the breach.

The service, ID Support NSW, is on 1800 001 040.

Offering assistance represents  a significant policy shift in favour of reissuing identity documents, a notoriously difficult exercise.

“Behind the scenes the NSW Department of Customer Service, Transport for NSW, Cyber Security NSW, ID Support and Registry of Births Death and Marriages - are working with Optus to make the process of re-issuing of NSW identity documents as seamless as possible," Dominello said.

- CyberBeat