Susie O’Brien: Optus CEO Kelly Bayer Rosmarin must resign over handling of data breach
Not only did Optus allow a major breach to happen, it failed to alert customers immediately and downplayed the attack’s seriousness.
Susie O'Brien
Don't miss out on the headlines from Susie O'Brien. Followed categories will be added to My News.
Say no to Optus. The company’s cyber security was so weak that it allowed hackers to access and publish the personal details of millions of Australians.
Amateur hackers apparently accessed the sensitive data without even needing a protected log-in. This prompted Home Affairs Minister Clare O’Neil to claim Optus “effectively left the window open for data of this nature to be stolen”.
The hackers initially said they’d release 10,000 customer records a day until their ransom demands were met.
But on Tuesday they appeared to back down, noting that the $1 million ransom was “not payed” but that they would not “sale data to anyone”.
“Was mistake to scrape publish data in the first place” they said.
The hackers still managed to penetrate the telco’s storage of its customer’s identification details.
That’s how inadequate the protection was.
Hackers now say they have deleted the only copy of the stolen data and are sorry for their actions.
Even if true, Optus CEO Kelly Bayer Rosmarin appears to have shown she is not fit to run the company and must resign.
Not only did the company allow this breach to happen, it failed to alert customers immediately and downplayed the attack’s seriousness.
“Upon discovering the cyberattack we immediately took action to shut it down,” a grossly misleading email from Bayer Rosmarin to customers said.
The reality is the company does not have any idea how the hackers accessed the information or who they are. The company can’t tell all customers what information has been accessed and who was at risk.
They don’t know how it happened, so can’t guarantee it won’t occur again.
The company is in spin mode, looking to protect its reputation over the security of their customers.
The email to customers said no financial passwords were accessed.
That’s cold comfort to those whose names, date of birth, drivers’ licence and passport numbers were flashed up on the dark web.
Bayer Rosmarin says the company is not the “villain” but that does little to help millions of Australians trying to cancel credit cards and change drivers’ licences.
Her solution on Tuesday was to tell customers not to click on links in bogus text messages. If that’s the best she’s got, then anyone who says “yes” to Optus is crazy.
The company is offering “most-affected” customers a free 12-month subscription to an identity protection service.
If Optus was doing its job, they wouldn’t need it.
More Coverage
Join the conversation
O’Brien: Big business needs to drop the Aust Day virtue signalling
The date of Australia Day should be changed, but corporate Australia needs to butt out of the debate. Pubs with no cheer should be boycotted.
Read more
O’Brien: How can students have faith in compromised VCE exams?
The latest VCE exams fiasco has surely left Victoria’s students and teachers with little faith in the compromised testing process and the body running it.
Read more