Optus Cyberattack: Warns Other Carriers May Be at Risk of Compromise

After learning about the massive cyberattack through the media, rather than being told about it in person, Optus customers furiously lashed out at their telcos.

Now it’s revealed that Optus knew about Wednesday’s breach, but didn’t release an official statement until Thursday afternoon. Australian person We had already published an article about cyberattacks.

Optus confirmed data breach in statement Around 9 million people were reportedly affected by attacks on Thursday afternoon.

“Information that may have been disclosed includes customer names, dates of birth, telephone numbers, email addresses, and, for some customers, addresses, and identification numbers such as driver’s license and passport numbers. including,” the carrier said in a statement. .

“Payment details and account passwords have not been compromised.”

On Friday morning, Optus CEO Kelly Bayer Rosmarin said reports of 9.8 million records compromised were an “absolute worst case scenario.”

She described the situation as a “sophisticated attack” and said she learned of the breach less than a day after the situation was made public.

Bayer Rosmarin said, “We learned about it less than 24 hours after it was broadcast live to the media.

“It wasn’t until later that night that I was able to determine that it was a critical extent. I think it was a late-night call. By 2pm the next day, I had to notify everyone and get all the ducks in line.” I tried to line them up.”

Bayer Rosmarin seemed emotional at the end of the press conference when asked how he felt about the data breach.

“Obviously, we’re upset that some of our customers want to do this,” she said, appearing to be in tears.

“We are disappointed that all the great work we have done as pioneers in our industry and true challengers of creating new and amazing experiences for our customers has been ruined.”

About 2.8 million customers had all their details stolen in the attack, and about 7 million customers had information such as date of birth, email address and phone number stolen by hackers. Australian person report.

talk 2GB Ben FordhamOptus Vice President of Regulatory and Public Affairs Andrew Sheridan said he wanted to “directly apologize” to affected customers.

“I think transparency is important in situations like this,” he said Friday morning.

Fordham then questioned why it took Optus so long to release a statement, and why he only did so after the story had already been announced.

“Information from Optus Australian personbut when it comes to media use…” Sheridan said before being interrupted by a radio host.

“But wait a minute, it’s been known to Optus for a long time. Australian person Post their stories online.I didn’t know it because I read it Australian person newspaper,” he said.

“No doubt Ben and we were preparing to issue a media release,” Sheridan said, before Fordham stepped in again and asked when Optus actually learned about the breach.

“Late Wednesday, I knew about the breach,” he replied.

“You knew about it on Wednesday. You didn’t reveal it on Wednesday, or Thursday morning, or Thursday lunchtime,” Fordham said.

“It was after Australian person The newspaper published a story on its website that you issued a statement. If you care about protecting your customers, why didn’t you warn them the moment you became aware of this potential breach?”

Sheridan claimed that Optus actually acted “very quickly” and that there are “many steps” that need to be taken in these situations.

“I have to call you Andrew. I don’t think you acted quickly,” Fordham said.

2GB Host claimed there were numerous past instances of companies notifying customers of potential breaches immediately.

“You guys didn’t do that,” he said.

When asked if Optus can guarantee to immediately alert customers if something like this happens again, Sheridan said it can’t make that promise.

He said he would notify customers “as soon as it is sensible” to ensure they are provided with accurate information.

Furious customers have taken to social media to blame Optus for getting into this situation.

“Email check. No word from Optus about this,” Dave Earley, The Guardian’s audience editor, said on Twitter.

“It’s scary that customers know about it through the media and not through Optus,” said another Twitter user.

Another poster wrote: “Disgusting. You didn’t tell anyone about this data about his hack and he didn’t get a single email. Just found it today from a news source and I’m not happy!”

‘No one can say it’s safe’: new warning

Delia Rickard, Deputy Chairman of the Australian Competition and Consumer Commission (ACCC), has issued a new warning as telcos continue to drag on from the attacks.

talk to nine todayshe warned that other carriers may also be vulnerable to similar security breaches.

“Cybercrime is huge in this day and age, and most institutions are spending big bucks to protect themselves, but no one is 100% safe,” said Rickard.

The breach is believed to have been initiated via a vulnerability in Optus’ firewall and affects both current and former customers.

Rickard said there are many things you can do to protect yourself if you’re concerned that your personal information has been exposed.

Simple steps like enabling two-factor authentication at all banks and regularly checking your account for unknown purchases can help keep your details safe.

Rickard also said people should be careful about contacting them from potential scammers.

“One of the very important things is when you get a call from someone you didn’t expect. You can’t know what you’re dealing with,” she said.

“Scammers have so much data about you that they know your name and age and can personalize their scams. If you know the details of someone, you know that you are much more likely to trust them.

“That’s why I think I’m also very skeptical.”

You can also take a free credit check every three months. This allows you to see if someone has applied for a loan in your name.

Rickard said the whole situation was “very concerning”.

The mystery surrounding the hackers responsible for the attack

It is still unknown who was responsible for the Optus attack, and officials continue to hunt for the hackers involved.

Bayer Rosmarin said Optus has never received a ransomware claim and the attack is subject to criminal prosecution.

“We are all public. It could be a crime, it could be a state-based actor. We are working closely with all government authorities and the Australian Federal Police to investigate.” ” she said on Friday morning.

Alastair MacGibbon, former head of the Australian Cyber ​​Security Center, believes the breach was most likely caused by a criminal group.

“They take information and monetize our personal data,” he told Nine’s. current affairs.

“The fact that Optus came out so quickly is actually a big win for us.

“That’s pretty quick in cybercrime terms.”

MacGibbon said the organization sometimes spends a week investigating hacks before notifying the government.

Bayer Rosmarin said the phone company acted immediately to halt further action after learning of the attack, and authorities were called to help investigate the source.

“I’m very sorry, but I know you’re worried,” she said.

“Please rest assured that we are working hard and cooperating with all relevant authorities and organizations to protect our customers as much as possible.

“Optus has also notified major financial institutions about this issue. We encourage you to raise awareness across your account, including caution.”

Optus says its services have not been compromised and are safe to use, with no messages or voice calls compromised.

Optus said it will send “proactive and personal notices” to customers it identifies as “high-risk,” but said it will not send links in emails or SMS messages.

Telecom companies have told customers to visit their website for information or to contact them if they have any concerns.

Australian Federal Police said on Thursday it had been notified of the incident but could not comment further.

The Commonwealth Government is aware of this situation and the Australian Cyber ​​Security Center is providing security advice and technical assistance.

– at the NCA Newswire

Optus Cyberattack: Warns Other Carriers May Be at Risk of Compromise

Source link Optus Cyberattack: Warns Other Carriers May Be at Risk of Compromise

Back to top button