NewsBite

Advertisement

This was published 2 years ago

Optus hack to cost at least $140 million

By Zoe Samios
Updated

Optus chief executive Kelly Bayer Rosmarin has moved to defuse any lingering tensions with the Albanese government by praising its response to the Medibank cyberattack, as she revealed the carrier’s own data breach will cost it at least $140 million.

The Singapore owned telco was heavily criticised by senior government figures in September after hackers obtained the data of 10 million of its customers. Bayer Rosmarin welcomed the government’s more measured approach towards Medibank, which has been hit by an even more serious attack that has resulted in sensitive health data being publicly exposed.

“I do think that one of the things that was absent when we went public so early was context,” she said. “It was a new government - there was no context as to how complex these cyber incidents are, how long it takes to work through and reconstruct what data the hacker may have taken, how to communicate with customers.

“I do think the response in the case of Medibank has been mature and responsible from government and it’s great to see that happening because it’s in the best interest of Australian business and Australian consumers.”

“We are deeply sorry”: Optus chief Kelly Bayer Rosmarin

“We are deeply sorry”: Optus chief Kelly Bayer Rosmarin

The incident has already cost Optus 10,000 customers. The company has set aside $140 million for cybercrime related costs, including replacing hacked identity documents, complimentary subscriptions to credit monitor Equifax and an independent report commissioned by Deloitte. It also plans to invest more in enhancing the company’s cyber capabilities and rebuild trust.

“That’s our best estimate of the totality of costs that we can foresee at the moment. As the situation evolves, will continue to reassess,” she said.“It’s worth noting that there are a couple of regulatory reviews...we expect that they will fairly assess the totality of our substantial investment in cyber, so we’re not expecting anything to come out of those, but of course, it could and those cannot be provided for.”

Bayer Rosmarin attributed the majority of customer churn to a halt in marketing efforts as the company’s focus turned to managing affected customers.

“We were a large part of influencing that outcome,” Bayer Rosmarin said. “What we have seen since we’ve started turning some of that [marketing] activity back on is obviously an improving trajectory of that negative response. In the context of our more than 10 million mobile customers, the impact remains quite proportionate.”

Optus revealed on September 22 it was the victim of a major cyber breach, which affected more than 10 million former and current customers. The company hired Deloitte to conduct a review of the attack, and the telco is also being investigated by Australia’s privacy and telecommunications watchdogs.

Advertisement

Bayer-Rosmarin used the results to apologise again for the damage to customers and to thank the government and the federal police for their assistance in the month since the attack. She conceded the government lacked “context” in the early handling of Optus’ crisis.

Loading

“At this moment in time, we are not aware of any harm coming to any cut through misuse of this data and that is thanks to the very fast and collaborative work of the Optus team with the ACSC and the Australian police,” Bayer Rosmarin said. “We hope to keep it that way.”

The comments were made as Optus revealed a one per cent increase in operating revenue to $3.96 billion for the first half, driven by gains in mobile service revenue. Optus said its mobile customer base had grown by 304,000 in the first six months of the year, driven by the return of international travel and higher foot traffic. The reporting period includes the date of the cyberattack and concluded on September 30, but does not account for the churn that occurred in the weeks after.

Optus said earnings [before interest, tax, depreciation and amortisation] grew 2.2 per cent to $1.1 billion, but the telco swung to a net loss of $57 million. This is because parent company Singtel wrote down the goodwill of the local entity by more than $1 billion, due to “steep interest rate hikes, as well as a weaker Australian dollar against the Singapore dollar.”

The Business Briefing newsletter delivers major stories, exclusive coverage and expert opinion. Sign up to get it every weekday morning.

Most Viewed in Business

Loading

Original URL: https://www.smh.com.au/business/companies/optus-puts-aside-140m-to-replace-customers-hacked-identity-documents-20221110-p5bx4g.html