NewsBite

Optus offers free credit monitoring to customers after cyberattack, class action announced

Optus has offered a major olive branch to customers “most affected” by last week’s cyberattack as the storm around the telco grows.

Government calls on Optus to ‘do something’ about security problems

Optus will offer the people who were “most affected” by last week’s cyberattack a free subscription to an identity protection service.

It comes after Cybersecurity Minister Clare O’Neil demanded the Singaporean-owned telco giant provide free credit monitoring for customers to detect potential fraud after a massive data breach that could now trigger a multimillion-dollar class action.

Warning the data breach was of a magnitude that would spark “hundreds of millions of dollars in fines” elsewhere in the world, Ms O’Neil told parliament that Optus needed to reassure customers.

“Responsibility for the security breach rests with Optus and I want to note that the breach is of a nature that we should not expect to see in a large telecommunications provider in this country,” she said.

“We expect Optus to continue to do everything they can to support their customers and former customers. One way they can do this is providing free credit monitoring to impacted customers.”

Stream more tech news live & on demand with Flash. 25+ news channels in 1 place. New to Flash? Try 1 month free. Offer ends 31 October, 2022 >

Cybersecurity Minister Clare O’Neil. Picture: Pradeep Pathirana
Cybersecurity Minister Clare O’Neil. Picture: Pradeep Pathirana

Credit monitoring is the tracking of an individual’s credit history for any changes or suspicious activities.

A credit monitoring service will show an individual’s credit report and provide them with new information regarding new credit inquiries or accounts.

On Monday, Optus said it would offer some customers a 12-month subscription to the credit monitoring service Equifax Protect.

“The most affected customers will be receiving direct communications from Optus over the coming days on how to start their subscription at no cost,” the company said in a statement.

“Please note that no communications from Optus relating to this incident will include any links as we recognise there are criminals who will be using this incident to conduct phishing scams.”

Optus said no passwords or financial details had been compromised in the hack that stole other personal information of up to 9.8 million of its users dating back to 2017.

As foreshadowed over the weekend, Ms O’Neil also hinted that legislative reform may be required to avoid a repeat of the data breach in the future.

“One significant question is whether the cybersecurity requirements we place on large telecommunications providers in this country are fit for purpose. I also noted that in other jurisdictions, a data breach of this size will result in fines amounting to hundreds of millions of dollars,” she said.

Law firm Slater and Gordon has revealed it is considering a class action against Optus over what was “potentially the most serious privacy breach in Australian history”.

Slater and Gordon senior associate Ben Zocco said all legal options were being considered.

“This is potentially the most serious privacy breach in Australian history, both in terms of the number of affected people and the nature of the information disclosed,” Mr Zocco said.

“We consider that the consequences could be particularly serious for vulnerable members of society, such as domestic violence survivors, victims of stalking and other threatening behaviour, and people who are seeking or have previously sought asylum in Australia.”

“Given the type of information that has been reportedly disclosed, these people can’t simply heed Optus’ advice to be on the lookout for scam emails and text messages, Mr Zocco continued.

Optus has offered free credit monitoring. Picture: Bianca De Marchi/NCA NewsWire
Optus has offered free credit monitoring. Picture: Bianca De Marchi/NCA NewsWire

On Thursday, Optus revealed that about 9.8 million Australians had potentially been impacted by the security breach, which resulted in past and present customers having their names, emails, phone numbers, date of births, addresses and in some cases even drivers’ licence and passport numbers stolen.

Optus has received major backlash in the wake of the cyber attack, with customers blasting the telco for its response to the situation.

On Friday, it was revealed that Optus knew about the breach on Wednesday, though they didn’t release an official statement until Thursday afternoon, after The Australian had already published an article about the cyber attack.

Optus CEO Kelly Bayer Rosmarin said she first found out about the attack “less than 24 hours before we went live to the press”.

“It was only late that night that we were able to determine that it was of a significant scope. I think that was sort of a late night call. And by 2pm the next day we had notified everybody and tried to get all our ducks in a row,” she said.

Nearly 10 million Australians have potentially been impacted. Picture: iStock
Nearly 10 million Australians have potentially been impacted. Picture: iStock

Customers have also been complaining about the lack of support they received from Optus in the days following the cyber attack.

In one case, Optus refused to compensate a customer for running a $15 credit check and in another, a young mum has discovered that she is unable to change her mobile phone number to better protect herself without copping a fee of about $1000 to switch providers.

James*, who preferred to stay anonymous, learned he had been impacted by the data breach and raced to protect his identity and his money.

But the Sydneysider, 35, said the response he received from Optus was “despicable” after being “forced to set up” an identify theft monitoring account via credit checking agency Equifax, which costs $15 per month.

But when he requested that Optus cover the cost, a worker told him he wasn’t entitled to any compensation.

“It’s a pretty despicable act as a company to allow a breach to occur and then refuse to assist customers to protect themselves when they expose those customers to the risk,” he told news.com.au.

Optus CEO Kelly Bayer Rosmarin has apologised. Picture: John Feder/The Australian
Optus CEO Kelly Bayer Rosmarin has apologised. Picture: John Feder/The Australian

A self-described hacker claims to have important data about 11.2 million Optus customers, including their names, dates of birth, phone numbers, email addresses, and, for a subset of customers, addresses and ID document numbers such as driver’s licence or passport numbers.

“Optus if you are reading! price for us to not sale data is 1.000.000$US We give you 1 week to decide,” part of their message reads on the forum.

The hacker showed a sample of the dataset to prove their authenticity, which cyber security researcher and writer Jeremy Kirk from ISMG Corp said aligned with the breach and indicated they may indeed be the person behind the breach.

“I just ran 13 email addresses from the first batch of sample data from the alleged Optus leak through Haveibeenpwned [a website that shows if your email or phone number has been involved in a breach]. Six come back as unique (not in another breach indexed in HIBP).

“Again, another strong sign that the Optus data is real,” he wrote on Twitter.

On Friday, Delia Rickard, Deputy Chair of the Australian Competition and Consumer Commission (ACCC), warned that other telcos could be vulnerable to similar attacks.

“In this day and age cybercrime is huge and whilst most agencies are spending a fortune to protect themselves you can’t say that anyone is 100 per cent safe,” Ms Rickard told Nine’s Today.

— with NCA NewsWire

Original URL: https://www.news.com.au/technology/online/hacking/optus-offers-free-credit-monitoring-to-customers-after-cyberattack-class-action-announced/news-story/aff801386a704e7f3f5ee6ceacc8906d