NewsBite

Advertisement

This was published 2 years ago

‘Actions speak louder than words’: 150,000 passport numbers in Optus hack

By Nick Bonyhady
Updated

At least 2.1 million personal identification details, including 150,000 passport and 50,000 Medicare numbers, have been stolen in the Optus data hack as the company’s embattled chief executive Kelly Bayer Rosmarin hit back at government criticism, suggesting people calling the attack “basic” were ill-informed.

Bayer Rosmarin defended the company’s communications with customers in an interview with The Sydney Morning Herald and The Age while Optus revealed 9.8 million people had their data accessed but said 7.7 million do not need to replace documents.

Optus chief executive Kelly Bayer Rosmarin has said people talking about the nature of the hack are “not talking from a position of knowledge”.

Optus chief executive Kelly Bayer Rosmarin has said people talking about the nature of the hack are “not talking from a position of knowledge”.Credit: Dominic Lorrimer, Eddie Jim

In comments likely to continue tensions with the federal government, Bayer Rosmarin hit out at those who have called the attack “basic”, which includes Home Affairs Minister Clare O’Neil, saying it was too early to know the nature of the hack.

“There has been no review and no report on the nature of what has occurred,” said Bayer Rosmarin, who would not discuss the nature of the attack, citing police advice. “So anyone saying anything about it is not talking from a position of knowledge.”

Optus on Monday announced an external review of the largest cyberattack in Australian corporate history but would not commit to releasing the full review to be done by consultancy firm Deloitte.

Loading

Optus has come under sustained criticism from the federal government over the past ten days, including attacks on the company for having insufficient safeguards to protect consumers’ information and taking too long to inform customers about whether they had been caught up in the breach.

On Monday, Bayer Rosmarin defended the company’s communications process.

“As we’ve had the data about what information is compromised for each person, we have been communicating to them,” she said. “And we’ve been working with the licensing authorities so that they’re in a position to actually help those customers, and so we don’t create more chaos and confusion.”

Advertisement

O’Neil and Government Services Minister Bill Shorten criticised Optus over the weekend for not providing data on who had their Medicare and Centrelink numbers accessed.

Bayer Rosmarin said that Optus had provided data to the Office of the Australian Information Commissioner, the independent agency that deals with privacy and data issues, and planned to give requested information to Shorten’s department.

“We received a request from Services Australia to provide them some information by October 4, and we intend to fully comply with that,” Bayer Rosmarin said.

The government is hopeful that Services Australia will receive the data within 24 hours.

“It shouldn’t take a rocket from the government to ignite some action from Optus,” Shorten told The Sydney Morning Herald and The Age on Monday. “It’s day 12 and we’re still waiting on all the information we need to help people.”

Loading

“Services Australia had more contact from Optus today than any other day, so actions speak louder than words.”

After almost two weeks of investigation, Optus has confirmed a series of numbers about the hack. Of the 9.8 million whose data was accessed, Optus believes 7.7 million do not need to replace documents. That could be because their identity document data was not collected, was not recorded properly, or is out of date and cannot be used to verify their identity.

Bayer Rosmarin said just after the hack was disclosed that the 9.8 million figure was an “absolute worst-case scenario” and Optus believed the true number to be lower. Optus has also previously said only about 37,000 Medicare numbers were affected.

There are another 2.1 million customers with identification numbers that potentially require replacement. Some 900,000 of those are expired, Optus believes, but may need replacement because of the practices in some states.

Loading

All up, 150,000 passport numbers were affected along with 50,000 Medicare numbers, Optus confirmed. A major portion of these are expired.

Optus has apologised for the hack in interviews and national newspaper ads. Asked whether it would also apologise for the communications after the hack, which the government and customers have viewed as poor, Bayer Rosmarin said: “We’re very, very apologetic for any aspect of this and how it’s created concerns for our customers. We have done our best to provide as much information as we can as quickly as possible.”

She said the company was listening to customers and making sure its website was the source of up-to-date information. “Unfortunately, this is a more complex issue than we would like with so many different requirements and implications from different licensing authorities.”

Optus will not release the Deloitte review in full and did not provide a deadline for when it will be completed. However, the telco has said it is working with the government and plans to share “key learnings” from its report.

“I’m sure that you can understand that when it comes to cybersecurity defences, a forensic review into that and its controls would be impossible to make public for every hacker out there to look at,” Bayer Rosmarin said.

The Business Briefing newsletter delivers major stories, exclusive coverage and expert opinion. Sign up to get it every weekday morning.

Most Viewed in Technology

Loading

Original URL: https://www.smh.com.au/link/follow-20170101-p5bmr5