This was published 2 years ago
Optus recruits crisis expert as poor hack notification shreds brand
By Zoe Samios and Nick Bonyhady
Optus has hired former Howard adviser and journalist David Luff to help it navigate through its hacking crisis amid ongoing criticism from the federal government and customers on its handling of the attack that exposed the personal data of nearly 10 million customers.
Government services minister Bill Shorten turned up the heart on Optus on Tuesday, taking the telco’s executives to task over the long delays in telling customers how badly they had been affected by the hack.
Shorten added to the criticism from the weekend in a press conference on Tuesday, declaring Optus’ senior management were “kidding themselves” if they believed they had done a good job of communicating with customers, as he acknowledged the telco had handed over the information requested by Service Australia.
“I’m pleased that our Service Australia people were able to get data finally today but…senior management are kidding themselves if they want a medal for the way that they’ve been communicating,” he said.
“Even a crocodile wouldn’t swallow that. My beef was that we shouldn’t have to play hide and seek and wait until day 13 to get material. I’m pleased though now that material has been provided, we get to see if it’s in a form [in] which we can consume it.”
An Optus spokesperson said the telco appreciated the government’s collaboration. “We recognise that many people have been frustrated by this theft of their personal information,” a spokesperson said. “Optus is working constructively with the more than 20 government agencies and regulatory bodies to support and protect our customers.”
Optus’ regulatory and public affairs team is overseen by former NSW Premier Gladys Berejiklian while customer communication sits in a separate division called consumer business. However, the entire group has faced backlash from customers and government ministers for its communications strategy.
Some Optus customers have claimed that they have received faulty information from the telco on how much of their data had been exposed, while others have complained of receiving minimal communication.
Two weeks of backlash and criticism has resulted in the recruitment of Luff, an adviser to former prime minister John Howard, Telstra, Rio Tinto and a long-time journalist at The Daily Telegraph. Luff and Optus were approached for comment.
Australia’s privacy commissioner is considering a formal investigation into the Optus hack, which exposed the data of almost 10 million people last month. Privacy Commissioner Angelene Falk wants the power to hit corporations that fail to safeguard personal data with penalties into the billions of dollars after the Optus hack.
“We do need to have a deterrent that is more than the cost of doing business,” Falk said on ABC’s 7.30 program on Monday. “Currently, I can seek civil penalties to the Federal Court of $2.1 million. But overseas there are penalties as large as 4 per cent of global turnover.”
Those penalties, which are in force in the European Union, could equate to billions of dollars if ever levied against the largest internet firms, such as Google owner Alphabet, or hundreds of millions if applied to a firm the size of Optus’ Singaporean parent company Singtel.
In an interview with The Sydney Morning Herald and The Age on Monday before Falk’s comments on 7.30, Optus chief executive Kelly Bayer Rosmarin argued calls for higher fines would not help because everyone at the company was already sorry and working to regain customers’ trust.
“So I don’t think that an idea that we need extra incentive to do what’s right for customers makes a lot of sense,” Bayer Rosmarin said.
She declined to comment on whether a $2.1 million potential maximum fine for the Optus breach - which included driver’s licences, passport and Medicare numbers as well as millions of names, addresses and emails - was appropriate, saying Optus was focused on customers.
Two national law firms, Slater & Gordon and Maurice Blackburn, are investigating group claims against Optus that could yield much larger total payouts to affected customers, though that would be compensation rather than a fine.
Opposition cybersecurity spokesman James Paterson has called on Optus to make a review into the hack, to be carried out by consultancy firm Deloitte, public.
The telco has said it was not committed to releasing th review because of the sensitive security information it will contain.
“When Optus announced this review by Deloitte they said it was in part about “rebuilding trust” with customers,” Paterson told The Sydney Morning Herald and The Age. “It’s hardly going to achieve that if it is kept secret.”
Get news and reviews on technology, gadgets and gaming in our Technology newsletter every Friday. Sign up here.