Dear Optus: Have my details been stolen in your hack? Customers left with no idea where they stand.

Eleven days since it was revealed Optus suffered a massive Cyber Attack resulting in the loss of millions of Australian’s personal data and there are Optus customers still wondering – have my details been hacked?

While Telstra has proven it possible to contact every single one of their mobile customers in just a matter of hours, it appears Optus is yet to contact some customers leaving them unsure if they are involved.

One EFTM reader James says “My wife is an Optus customer, but she hasn’t heard a thing – no text, no email… nothing. So initially, we assumed she’s not involved. Great! But as this drags on, that just seems really naive to now think…”

Adrian says “G’day Trev. Yep, we are Optus customers (the whole family) and haven’t heard a bloody thing. Went into my local Optus shop and they were useless. Told me nothing. Is there somewhere to check whether our data has been leaked??”

Mark says “Haven’t heard anything, apart from getting my bill through as normal!!!!!”

Carrie told EFTM “Hey Trevor. I have not received any communication from Optus and we have a broadband account with them.”

Last week when EFTM contacted customers who’s names had appeared on the leaked list of customers used as evidence by the alleged hackers, several of them had only heard of the issue in the media.

At this stage we’re unsure how Optus makes the choice of how to contact customers with the majority of contact thus far being via email. On Sunday evening many customers reported receiving SMS messages confirming their drivers licence was involved in the breach, but not their card numbers, but without a consistent and all-platform approach, just how can Optus be sure they are actually reaching all their customers?

Very early in this crisis Optus spokespeople said they had chosen to go to the Media for the best possible reach for their message, however they have stopped sending any media announcements, and are only updating their website with new information.

It’s an utter shambles.

For Optus to assume a customer uses or checks their “OptusNet.com.au” email address is naive and misguided. Every single customer should receive alerts via SMS and Email when there is any news at all.

Additionally, Optus continues to ask people to use the MyOptus app or website to communicate with customer service, something it’s impossible for a former customer to do and with wait times on the phone lines in the hours, you can see how many people are frustrated.

Meanwhile Optus has today taken the necessary step of appointing an independent third party to undertake a review of the cyber attack.

Deloitte will undertake a “forensic assessment of the cyberattack and the circumstances surrounding it”, which CEO Kelly Bayer Rosmarin says will play a role in the company’s response to the incident, saying “We’re deeply sorry that this has happened and we recognise the significant concern it has caused many people. While our overwhelming focus remains on protecting our customers and minimising the harm that might come from the theft of their information, we are determined to find out what went wrong.”

Importantly, Optus appears to be looking to be transparent about the results of the review, pointing to how it may help other organisations “This review will help ensure we understand how it occurred and how we can prevent it from occurring again. It will help inform the response to the incident for Optus.  This may also help others in the private and public sector where sensitive data is held and risk of cyberattack exists. 

The CEO ended by saying “I am committed to rebuilding trust with our customers and this important process will assist those efforts.” – Here’s a tip Kelly, start by contacting them ALL.