I make no apologies for being strong in my criticisms of Optus over their handling of the data breach this week – specifically their approach to customer care. Today, finally, an email looks like it’s making its way to customers from Optus CEO Kelly Bayer Rosmarin
Optus told me earlier today they had been advised “NOT to send links to our customers via SMS or email” – and that is great advice, given the risk of scams and phishing links today.
However, an email without links is exactly what they needed, let along SMS messages to customers.
Finally, a full 24 hours after going rather gingerly to the media, we’ve had our first report of an actual customer email.
Here’s what the email says.
It’s titled “Urgent update from Optus about your personal information”
It is with great disappointment I’m writing to let you know that Optus has been a victim of a cyberattack that has resulted in the disclosure of some of your personal information.
Importantly, no financial information or passwords have been accessed. The information which has been exposed is your name, date of birth, email, phone number, address associated with your account, and the numbers of the ID documents you provided such as drivers licence number or passport number. No copies of photo IDs have been affected.
It is also important to know that Optus’ network and Optus services including mobile and home Wi-Fi aren’t affected, and no passwords were compromised, so our services remain safe to use and operate as per normal.
Upon discovering the cyberattack, we immediately took action to shut it down to protect your information. Our priority is our customers – so while our investigation is not yet complete, we wanted you to be aware of what has happened so that you can be extra vigilant at this time.
We are currently not aware of customers having suffered any harm, but we encourage you to have heightened awareness across your accounts, including:
- Look out for any suspicious or unexpected activity across your online accounts, including your bank accounts. Make sure to report any fraudulent activity immediately to the related provider.
- Look out for contact from scammers who may have your personal information. This may include suspicious emails, texts, phone calls or messages on social media.
- Never click on any links that look suspicious and never provide your passwords, or any personal or financial information.
- If people call you posing as a credible organisation and request access to your computer, always say no.
You would have seen we announced this first in the media. We did this as it was the quickest and most effective way to alert you and all our customers, while also communicating the severity of the situation through trusted media sources.
For the most up-to-date information and FAQs, go to optus.com.au. If you believe your account has been compromised, you can contact us via My Optus app – which remains the safest way to contact Optus, or call us on 133 937.
We apologise unreservedly and are devastated this could occur. We are working as hard as possible with the relevant authorities and organisations to ensure no harm comes from this unfortunate occurrence.
Kelly Bayer Rosmarin
Here’s hoping that message gets to all the possible customers affected by this breach, no matter if they are or not, after a 24 hour media frenzy – they owe it to all 9 million.
Thanks LUCAS for the tip.