- Exclusive
- Business
- Companies
- Optus data breach
This was published 2 years ago
‘Before you leave - can we talk?’: Optus cajoles customers to stay
By Zoe Samios, Nick Bonyhady and Lucy Cormack
Optus is scrambling to hang on to disaffected users caught up in the cyberattack that compromised the personal data of millions of Australians last month, as some customers complain that the telco is dragging its heels as they attempt to switch carriers.
This masthead has received multiple reports from industry sources and customers who claim Optus subscribers are facing barriers in their attempts to leave the carrier including security rules introduced in recent months and cancellation fees.
Optus is also running advertisements against Google search results for queries involving “Optus” and “cancellation”. The advertisement says: “Before you leave - can we talk?”
In a statement, an Optus spokesperson said the carrier would only impose cancellation fees on fixed contracts.
“For customers who are on month-to-month plans without a device, they can simply exit their contracts without any cancellation fees,” an Optus spokesperson said. “Customers who have a repayment plan for the device will be required to pay off the remaining device repayments or applicable cancellation fees as part of their agreement with Optus.”
The NSW minister in charge of driver’s licence replacements, Victor Dominello, said Optus had sent so many messages to customers it risked confusing them and leaving people at risk of fraud.
Customers who are on month-to-month plans that don’t include a device can exit without any fees, but the telco is not waiving the rules for people tied to long-term contracts. Optus sources said long-term contracts form a small part of its customer-base, but the exact split between month-to-month contracts and fixed-term agreements is unclear.
The industry sources said people are complaining they are being passed through various Optus departments as controls are tightened on who can give information out to protect customers from scams.
They said Optus has also introduced more stringent checks for those exiting the telco, such as two-factor authentication. The industry standard is what is known as pre-port verification, which means that involves a code sent to the device via SMS to authorise a change in providers.
In a blog post in June, Optus’ vice president of regulatory and public affairs Andrew Sheridan announced the authentication change in a bid to improve security. It requires customers to update information in the My Optus app, and is used even when customers leave Optus.
After publication, Sheridan said in a statement it was “absolutely incorrect” to suggest the rules were being used to keep customers rather than protect them.
“These are rules that were put in place by the regulator announced by the Government designed to address community concerns over scams and fraud using communications services,” he said. “These rules protect customers from fraud.”
The data of almost 10 million people was stolen from Optus three weeks ago, a breach which has led to intense scrutiny, federal government promises of new privacy measures and investigations by watchdogs.
Of the 16,500 NSW Optus customers who were told they would require a new licence, which is lower than other states due to recently introduced verification checks, only 5283 people have replaced their licence. NSW Customer Service Minister Victor Dominello said the low take up among the worst affected customers showed Optus messaging was failing to cut through.
“Obviously more needs to be done by Optus to make sure they are reaching out to the 70 per cent to ensure they replace their licence ASAP,” he said. “Optus sent that many communications they became miscommunications and people became perhaps blasé about it. That’s why Optus have to fix it. There is a serious fraud risk. They could be seriously subject to cybercrime, it’s as simple as that.”
While only 32 per cent of the most affected people have replaced their cards figures from the Department of Customer Service show more than 62,000 people have applied for a replacement card since the data breach was announced. Of those, more than 90 per cent have had their replacement mailed to them.
The Office of the Australian Information Commissioner (OAIC) and the Australian Communications and Media Authority (ACMA) announced co-ordinated investigations on Tuesday to scrutinise whether Optus needed to keep extensive data on millions of its customers and how it was stored.
ACCC chair Gina Cass-Gottlieb said this week that the regulator’s scam team had received about 600 complaints between September 22 and October 4 related to the breach, though they are not necessarily using information gleaned from the hack itself.
While Optus is not waiving cancellation fees for fixed-term contracts, other sources said the telco is offering discounts to affected customers.
One Optus customer, who spoke on condition of anonymity, said he had received no information on exactly which parts of his personal information had been taken in the hack beyond a generic initial email. When he contacted Optus’ support chat, a representative had no further details but promised the company would contact the customer with an “offer” to encourage him to stay with the beleaguered phone network. Other people inside Optus said they were not aware of such plans.
The Business Briefing newsletter delivers major stories, exclusive coverage and expert opinion. Sign up to get it every weekday morning.