Optus chief executive Kelly Bayer Rosmarin has assured none of its enterprise customers had been impacted by the large-scale data breach that hit the telco this week.
Speaking to journalists today, Bayer Rosmarin said Optus is investigating the unauthorised access of up to 9 million current and former customers’ information as a result of a cyber attack.
Bayer Rosmarin ensured that “no enterprise accounts have been affected,” however acknowledges that if customers use personal data to run their small businesses, they may have been impacted.
Optus, through its Optus Business division, offers IT services to business customers across Australia, including managed services and professional services, as well as cloud, cybersecurity, contact centre and collaboration services.
“When we work through it, we will be identifying specifically which customers and which fields of data and proactively contacting each individual customer with very clear explanations of which of their data has been exposed and potentially taken,”
Bayer Rosmarin added that it was still too early to tell who is behind the breach, whether it was criminal activity, or a state-based actor. She did not rule out the possibility of a ransomware attack, but said no ransom demands have been made so far. Bayer Rosmarin said that the IP address of the attacker shifted between several European countries, but added the attack did not necessarily stem from Europe.
“Obviously, I’m angry that there are people out there that want to do this to our customers. I'm disappointed that we couldn't have prevented it. It undermines all the great work we've been doing to be a pioneer in this industry, a real challenger and create new and wonderful experiences for our customers.”
“We are very sorry and understand customers will be concerned,” she said.
The telco yesterday disclosed the data breach, which exposed customer information like names, dates of birth, phone numbers, email addresses, physical addresses, driver’s licence numbers and passport numbers.
"We are devastated to discover that we have been subject to a cyberattack that has resulted in the disclosure of our customers’ personal information to someone who shouldn’t see it," Optus CEO Kelly Bayer Rosmarin said on Wednesday. She added Optus "acted immediately to stop any further action" after learning of the attack.
“Please be assured that we are working hard, and engaging with all the relevant authorities and organisations, to help safeguard our customers as much as possible,” Bayer Rosmarin said.
She added Optus was working with the Australian Cyber Security Centre to mitigate any risks to customers, while the Australian Federal Police, the Office of the Australian Information Commissioner and other regulators were also notified.
“Optus has also notified key financial institutions about this matter. While we are not aware of customers having suffered any harm, we encourage customers to have heightened awareness across their accounts,” Bayer Rosmarin said.
Optus services, including mobile and home internet, are not affected, and messages and voice calls have not been compromised. Payment detail and account passwords have not been compromised.
In its own announcement, the Australian Competition and Consumer Commission's (ACCC) Scamwatch warned affected customers to protect their accounts and watch out for scams following the data breach.
An Optus data breach also occurred in 2020, whereby the company faced class action after 50 thousand customers' details were sent to White Pages.
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
