Optus CEO Kelly Bayer Rosmarin today faced the media in a virtual press conference to address this week’s Cyber Attack on Optus which has seen up to nine million customer’s details possibly obtained by hackers.
The breach is among the biggest and worst in Australian history due to the scale and the type of data accessed.
Ms Rosmarin was apologetic from the get-go, saying “I’d like to start off by making sure that it’s clear that we are apologising to all of our customers. We know that this attack creates great concern, and it’s something that we learned about on Wednesday that some of our customers’ information had been compromised and throughout we have used a what’s best for customers approach to guide our response to this attack. “
Addressing the issue of why Optus has yet to actually contact its customer base, the CEO spoke of the decision to use the media in this case “that is why we wanted to put a call out to all of our customers to be on alert in the best way that we can. And that we decided was by using you the media. We know that in these situations, time can be of the essence. So we contacted the media in less than 24 hours from when we learned that this incident had occurred and we’re informing customers as quickly as we can in a very different way from what has been done with previous cyber attacks.”
While numbers of up to 9.8 million have been quoted in relation to the number of people who’s data may have been compromised, Optus is at pains to point out that is unknown and is a worst case number “I want to make it clear that that is the absolute worst case scenario. We have reason to believe that the number is actually smaller than that, but we are working through reconstructing exactly what the attackers have received. Importantly, it’s a very small subset of data. It does not include any financial details. It does not include passwords. And so when, when we work through it, we will be identifying specifically which customers and which fields of data and proactively contacting each individual customer with very clear explanations of which of their data has been exposed and potentially taken.”
There is a clear hope it’s far less, Ms Rosmarin saying “while we work through that, we’ve got the absolute worst case scenario number at, at 9.8. But as I say, we expect the number to be considerably less than that.”
As to who the attackers are, we’re still none-the-wiser, with Optus saying the attack came out of “various countries in Europe” while re-assuring customers the original data was being held within Australia.
When asked specifically if customers had been contacted, Ms Rosmarin was keen to point out how they plan to approach that “So we’re not going to say exactly how, but we will contact all customers, including customers that are not affected now, but our priority is going to start with the customers where the most fields may have been exposed. So over the next few days, all customers will know in what category they fall. And we’re hoping for most of them that this does not put them in harm’s way.”
Tech Guide’s Stephen Fenech made the most impact on the CEO, asking her how she felt about this happening under her watch as CEO – Ms Rosmarin appeared emotional when she answered “I think it’s a, mix of a lot of different emotions. Uh, obviously I’m angry that there are people out there that want to do this to our customers. I’m disappointed that we couldn’t have prevented it. I’m disappointed that it undermines all the great work we’ve been doing to be a pioneer in this industry and a real challenger and create new and wonderful experiences for our customers. Um, and I’m, I’m very sorry and , it should not have happened.”
It’s going to be a long road for Optus, and for their customers.
Fact is, there’s not much you can do right now, other than be hyper vigilant about all the emails you get, no matter how much they appear to know about you, same with phone calls. And worth getting a credit report now, and again in a few months. If you’re likely to be applying for finance any time soon, maybe consider seeking a Credit Ban on your name for a while, until this all settles.