It has been fifteen days since Optus went public about their massive and “sophisticated” cyber attack. I’ve been critical of Optus’ communication for that entire time, and frankly, it’s moved from anger to laughter because you really can’t write this stuff.
It took Optus a week to contact all those affected customers. They then send separate and confusing messages about ID documents.
Plus, they didn’t prioritise the 10,200 customers who’s details were exposed in a hacker forum.
In fact, EFTM can reveal that at least one customer of those 10,200 hasn’t heard a thing from either the AFP or Optus.
To make matters worse, and re-enforce just how lax the Optus communications strategy is Optus customers who were not among the 9.8 affected by the Cyber Hack have still heard nothing.
One such customer today telling EFTM they’d heard “Nothing at all” from Optus.
They told us they “have two mobile phones on a plan with them since March 2021. No texts no emails no spam/phishing either.”
“Last bill sent start of Sept which also included a $10 hike for the “Sports Hub” which I thought received as a free add-on when first signing 18 months ago.”
The overall summary was simple “Not sure what the hell is going on and the silence is deafening….”
You see, Optus has been in the headlines for two weeks – so you’d think as part of their strategy they’d send a simple message to all their customers who they believe are not in the 9.8 million.
Do that by taking all customer records, take out the 9.8 million and you’ve got a list. About a days work at best.
Then send a text message:
“Dear valued Optus Customer, you might have heard we suffered a Cyber Attack recently. While we are confident your details were not included in this breach, if you have any questions or concerns please call us or contact us via the MyOptus app“
There, I’ve done your work for you.
Conversely, Telstra, who had names and email address of 30,000 employees from 2017 leaked in a hack on a third party rewards business, has already contacted each of those 30,000 – even if they are no longer Telstra employees.
The message said “Our records indicate this number is used by a former employee of Telstra whose name and old Telstra work email address were recently disclosed as part of a data breach at a third-party supplier. We wanted to let you know the data was from 2017 and no additional personal information has been released.
All current information on this incident is available on our Telstra Exchange site, however if you would like to talk to someone about it you can call 1800 884 209 between 8am and 8pm AEDT Monday to Friday. If this service is no longer used by a former Telstra employee, please ignore this message.“
A well constructed message, that doesn’t assume their contact details are up to date after 5 years, but helps if they are worried.
Optus still have people with their hands in the air and frustrated as several callers expressed to me on the EFTM podcast this week.
Just staggering that Optus isn’t looking at their customers at all here, and I suspect, they are leaving in droves.