Optus customers are right to be ropeable
Data breaches can happen to anyone. But the nation’s second largest telco has let down its 10 million customers multiple times – firstly by allowing their data to be taken, and secondly – and perhaps more egregiously – by taking days to let those customers know, and going first to the media.
Last week’s massive data breach, first reported by The Australian, is already looming as a future history lesson in cyber security.
One of Optus’ first mistakes was to have that much sensitive data on millions of customers all in one place.
The troves of data were reportedly not taken in a cyber attack per se, but through an open API endpoint.
This is the cyber equivalent of leaving the front door open, then being shocked that someone would come in and try to take everything.
The hacker, known online as ‘Optusdata’, is now attempting to extort Optus for $US1m in cryptocurrency.
The pain associated with that mistake, while significant, could have been somewhat eased had the company been quick to contact its 10 million or so affected customers. It didn’t, instead going through the media.
Chief executive Kelly Bayer Rosmarin performed strongly in front of reporters at a press conference on Friday, diligently and honestly answering as many questions as she could.
But the people with the most pressing questions are not journalists, they’re Optus customers.
There is now palpable anger and frustration among customers, many of whom say they are still yet to receive any notification that their personal information was caught up in the breach.
Millions across the country now face an anxious wait to see what comes next.
Our new shiny digital era has brought with it a lot of promise.
But central to that notion is trust – that the companies to which we hand over all our private and sensitive data will treat it with respect.
Obviously no user is ever truly fully safe online, and no company is immune to a data breach or cyber attack.
Common sense can go a long way when it comes to how we interact online.
But Optus customers in this case are not at fault, and could not have foreseen such a shocking outcome.
There are different ways to handle an incident when you are a victim, and Optus has been too slow in trying to make things right.
The telco now faces a mounting class action lawsuit, and millions of angry customers, many of whom are likely already lining up at a Telstra or TPG store to change provider.
The government will now likely change the law to force a company like Optus to be faster in contacting affected customers in future.
Local Optus executives will this week face an angry Singtel board, who are visiting from their head office in Singapore, but that’s cold comfort for the 10 million current and former customers who through no fault of their own have had some of their most sensitive data stolen.