It’s been over a week since the Optus Cyber Attack happened, and now several days since large amounts of data from the hack was published by the alleged hacker during a ransom demand. While Optus say they have contacted the most affected customers, EFTM understands the company has not made any effort to contact the 10,200 people who’s Optus Customer details are available on the open internet.
Four days ago Optus announced that they had “sent email or SMS messages to all customers whose id document numbers, such as licence or passport number, were compromised because of the cyberattack.”
While that might well be true, it appears Optus has done nothing to respond to the clear breach of their data and publication of over 10,000 users data earlier this week.
The alleged hacker originally published 200 lines of user data when they set their $1million ransom demand on the weekend. On Tuesday Morning, they upped the ante with an additional 10,000 lines of data claiming they would continue releasing the same until the ransom is paid. It didn’t take long before they withdrew all their demands, but the damage was done. Thousands of users in the hacker community got access to those 10,200 lines of data.
That data, which EFTM has sighted clearly contains the customer files of 10,200 people, their names, addresses, contact numbers, date of birth, and in a lot of cases also their ID Document number.
Given the data is available on the internet, and now very clearly in the hands of scammers – what do you think Optus has done for those particular customers? Answer: Nothing.
EFTM spoke to several people on that list last night, and none had had any contact from Optus other than the generic opening email advising them of the hack.
More troubling still, several had not heard anything at all from Optus.
In speaking to these customers, one said “I’m Angry”, disgusted that their information could be available on the internet, and Optus has not informed them.
Optus operates one of three mobile telecommunications networks in Australia. The fact they can’t see fit to send an SMS message to 10,200 mobile networks, with no link but perhaps a plea to reach out to Optus immediately so they can be the first to sign up to the Identity protection plan being offered.
At the very least, these 10,200 people are the only one’s we know with all certainty have had their details breached and made available to scammers. That makes them the single most important customers to protect.
Of the people we contacted, at last two had not received any email at all from Optus, not even the generic.
We checked the email they had on file, and contacted them via Email also. One of them has confirmed the email is working, but that they still have had zero contact from Optus.
While a contact phone call, or any outreach might not be a good thing for Optus to do, in the words of one person on the 10,200 user list – it’s simple – “I’d Rather know”.
Optus has over 6,000 employees. There is no single issue that matters more than their customers involved in this hack matter. Get the list of 10,200 people and get 3,000 employees to make between 3 and 4 calls today. These people deserve to know, so they can be on high alert.