And the telco giant is also still unsure how many customers have given their personal information — including emails, phone numbers and identification documents like licenses and passports — to hackers.
But in a carefully managed media briefing on Friday, Optus CEO Kelly Bayer Rosemary said she was “angry” about the hack, which is being described as the biggest data breach in recent Australian history.
“I’m very sorry and I apologize that this shouldn’t have happened,” Bayer Rosemary replied to a question approved by the telco team.
Optus is on its second day of damage control after it was revealed it suffered a cyber attack on Wednesday. But when asked on Friday, Bayer Rosmarin did not want to comment on how the hack came about.
“The exact mechanisms are under criminal investigation and we won’t disclose that — it’s safe to say it was a sophisticated attack,” she said.
In a briefing more about what Optus doesn’t know about the hack than what it does, Bayer Rosemary also addressed reports claiming that the data of up to 9.8 million Optus customers was exposed became.
She said that number is the “absolute worst case scenario” and that there is “reason to believe the number is actually smaller”.
“We are working to reconstruct exactly what the attackers received,” said Bayer Rosmarin.
“What is important is that it is a very small subset of data. It contains no financial details.”
Bayer Rosemary said Optus first identified the hack on Wednesday after someone noticed some “suspicious activity” — she was briefed on the cyberattack in a phone call from Optus’ chief information officer.
Optus has since temporarily disabled SIM card swapping and replacements across its online, phone and messaging services, and is now requiring customers to visit a store and identify themselves.
Bayer Rosemary confirmed that Optus would contact any customers affected by the hack, but did not answer questions about whether Optus will pay compensation to customers whose data was stolen.
2017 customers could be affected, as Optus is required by law to keep user records for six years, the company said.
“Our priority will start with the customers, which are most areas [of data] may have been debunked,” said Bayer Rosmarin.
“In the next few days, all customers will know which category they fall into.”
In a follow-up statement sent to The New Daily, Optus said it was “still finalizing” details on customer compensation following the cyberattack.
Bayer Rosemary said Optus had not received any claims from the hackers regarding the stolen data, adding that the company and authorities are still investigating whether the criminals were private or state-sponsored.
“As a critical infrastructure in the communications industry, we are obviously aware that we are a constant target for both government actors and criminals,” she said.
“This particular one [attack] is like nothing we have seen before.”
Regulators have warned Optus customers to be vigilant against scammers and identity theft following the data breach.
Australia’s Competition and Consumer Commission Deputy Commissioner Delia Rickard said on Friday that the information stolen in the hack could be used to make a scam attempt “much more convincing”.
Liberal Senator James Paterson, former chairman of the Parliamentary Intelligence and Security Oversight Committee, told ABC on Friday that the Optus hack was the most significant in recent Australian memory.
“Of particular concern is the nature of the information that appears to have been stolen,” he said.
“It is personally identifiable, identifying information such as people’s names, their phone numbers, their email addresses, their home addresses, and in some cases even identification numbers such as passports[s].”
Bayer Rosmarin called for a response from “Team Australia” to the hack.
“We don’t yet know who these attackers are and what they intend to do with this information,” she said.
– The new daily newspaper
Local news matters
Media pluralism is under threat in Australia – nowhere more so than in South Australia. The state needs more than one voice to move it forward, and you can help with a donation of any size to InDaily. Your input directly helps our journalists uncover the facts. Please click below to help InDaily continue uncovering the facts.