Expert Comment: Worrying detail in Optus data leak amid fury from impacted Aussies
A particularly concerning detail has been discovered buried in the Optus data leak as the telco continues to deal with the fallout of the cyber attack.
Last week it was revealed that hackers had stolen the personal data of millions of past and present Optus customers as part of a major cyber attack.
Up to 9.8 million Australians have potentially been impacted by the security breach, which resulted in their names, emails, phone numbers, date of births, addresses and in some cases even drivers’ licence and passport numbers being exposed.
Worryingly, Optus currently only has about 5.8 million active users, meaning the other four million people potentially caught up in the attack are past customers.
Optus CEO Kelly Bayer Rosmarin said past customers dating as far back as 2017 could be impacted by the hack.
During a press conference on Friday, Ms Bayer Rosmarin claimed the company was required by law to keep the identification of customers for six years.
“The IP address (used by the hackers) kept moving. It’s a sophisticated attack. Safe to say it comes out of various countries in Europe. And in terms of the customer data, I think it dates back to 2017,” she said.
News.com.au contacted Optus for further comment and clarification on the number of past and present customers affected but was told the number of people impacted could not be verified as the attack was being investigated by the Australian Federal Police.
“Optus can confirm that it has now sent email or SMS messages to all customers whose id document numbers, such as licence or passport number, were compromised because of the cyberattack,” an Optus spokesperson said.
“We continue to reach out to customers who have had other details, such as their email address, illegally accessed.”
This has prompted outrage from many social media users, with some even calling for changes in legislation to stop companies keeping the details of previous customers for an extended period of time.
Public relations expert Nicole Reaney told news.com.au it was “never a good sign” when a customer hears information that impacts them via the media, rather than being told directly.
“In addition, direct information to its customers needed to be the priority – there was a delay to this and a vague instruction to impacted customers to watch their bank accounts and report any suspicious activity,” Ms Reaney said.
“Customer service platforms need to be in place to enable inquiries to be handled efficiently and supportively as possible. Customers should not be left ‘hanging’ but be regularly armed with up-to-date information from the telco provider.
“Communication is their bread and butter – and it’s crucial they demonstrate this capability at this time.”
For the full story head to news.com.au.
Nicole Reaney, Director of InsideOut PR and founder of influencer agency, #AsSeenOn. Nicole has extensive experience in corporate and consumer PR and Communications and is available to comment on topics.