Awkward radio interview with Optus executive amid hacking backlash
An Optus executive struggled to pass an interview this morning, appearing unable to answer a number of questions about the cyberattack and why there are still customers who have not been contacted.
Up to 9.8 million past and current Optus customers are at risk of having their personal data stolen after the telecommunications company suffered a massive security breach last week.
The attack resulted in Australians having their names, emails, phone numbers, date of birth, addresses and in some cases even driver’s license and passport numbers exposed.
The fallout from the breach was monumental, with many customers furious with the company’s handling of the situation.
Now an attempt to be “informative and transparent” with customers about the situation has resulted in a very bizarre interview for an Optus representative.
Optus Regulatory and Public Affairs Director Sally Oelerich spoke to 2GB’s Chris Smith on Monday morning, appearing to struggle to answer his questions throughout the interview.
RELATED: What to Do If You’re Affected by the Optus Cyber Attack
” I am here. I really try to be informative and transparent for your listeners,” Ms. Oelerich said.
“However, a big though, this is being investigated by the Australian Federal Police. There is a criminal behind this who attacked Australians, including me, my driving license was compromised.
Smith asked Ms Oelerich to confirm exactly the extent of the Optus data leak, noting that a person claiming to be a hacker claimed to be in possession of important data of around 11.2 million Optus customers.
Cybersecurity researcher and writer Jeremy Kirk claims to have been in contact with the hacker and believes the person is “the real deal”.
Ms Oelerich did not confirm whether the 11.2million number was accurate, although she said she was “aware” of Mr Kirk’s claims about the hacker.
She said no one had “picked up the phone to call us” to make the claims the hacker had made online.
“I can’t actually validate if it’s even legit. And part of that is part of that, you know, again, that’s being investigated,” she said.
Smith then pointed out that Mr Kirk had said the sample data provided by the hacker matched the breach and indicated that he could indeed be the person behind the attack.
“He thinks this hacker who claims… to have all this data is actually legit,” the radio host said.
There was a long pause before Ms. Oelerich asked, “Sorry, uh, was there a question?”
“Do you think this hacker is legitimate? He asked.
“Well, to me personally or to me as an Optus?” she answered.
Smith then said Ms Oelerich had seen what was posted online and again pointed out that Mr Kirk had traced some of the data provided to Optus customers.
“Yeah. That’s what Jeremy reported,” she said, before avoiding the previous question and instead talking about how she was also compromised and trying to do everything that came to her. had been advised in order to protect Optus customers.
When asked if Optus had notified all affected customers that their data had potentially been breached, Ms Oelerich confidently said yes.
“At this point, anyone whose most sensitive information has been compromised, such as driver’s license and passport member, we have contacted them through the information we have for them,” she said.
Optus client Casey Robinson then went on the air and revealed that her husband’s data had been hacked.
New loan accounts had been opened in his name using his license and his 2022 tax return had been filed.
Ms Robinson said the problems started on September 12 when they believed her phone number had been compromised.
She confirmed that they never received a single email from Optus informing them of the breach, but had to contact the telecom operator themselves.
“Sally, why didn’t Casey get an email from Optus?” You said you contacted everyone whose data you thought had been compromised,” Smith said.
“As a result of this attack,” Ms Oelerich replied, prompting Smith to wonder if she was suggesting that this situation was unrelated to the recent cyberattack.
‘I don’t…I don’t,’ Ms Oelerich said, before apologizing to Ms Robinson on behalf of Optus and saying it’s ‘not something I would wish on my worst enemy’ .
Smith chimed in, pointing out that Ms Robinson had been dealing with this for some time and suggesting it could be hack-related.
“What I can tell you Chris is that for the customers whose data was compromised due to this attack, we have now notified them,” Ms Oelerich said.
“You didn’t tell Casey Robinson,” Smith pointed out.
“I don’t believe…well, I don’t know Casey’s individual situation or that of his partner who appears to be the one going through this,” the Optus rep said, before saying she would personally follow up on her at this subject. publish.
Furious customers lash out at Optus response
This interview comes as many customers have complained about the treatment they received from Optus following the attack.
In one case, Optus refused to compensate a customer for completing a $15 credit check and in another, a young mum found she was unable to change her cell phone number to better protect herself without paying. a fee of approximately $1,000 to switch providers.
James*, who preferred to remain anonymous, learned he had been affected by the data breach and was quick to protect his identity and his money.
But the Sydneysider, 35, said the response he received from Optus was ‘despicable’ after he was ‘forced to set up’ an identity theft watchdog account through credit-checking agency Equifax , which costs $15 per month.
But when he asked Optus to cover the costs, a worker told him he was not entitled to any compensation.
“It’s a pretty despicable act as a business to allow a breach to happen and then refuse to help customers protect themselves when they’ve put those customers at risk,” he said. at news.com.au.
Olivia*, who also preferred to remain anonymous, from Launceston, said Optus assured her she had not been affected by the attack when she called after hearing about the breach.
However, a day later, she received a disturbing email stating that was not the case.
She was quick to change as much of her personal information as possible, but when it came to changing her phone number, she said Optus had made it so difficult she wanted to change telecom providers. for Telstra.
However, that would mean paying Optus $1,000 in cancellation fees and paying for a phone.
Olivia filed a complaint with the Telecommunications Ombudsman.
Optus CEO’s Tearful Apology After Cyberattack
Optus CEO Kelly Bayer Rosmarin said that as soon as the telecom operator learned of the hack, it took steps to stop it and launched an investigation.
Speaking to reporters on Friday, Ms Rosmarin apologized to customers.
She said she was “devastated” by the attack, which compromised information such as names, dates of birth, addresses, phone numbers and, in some cases, passport or driver’s license numbers.
Ms Rosmarin said Optus believed the number of people whose data had been stolen was significantly lower than its “worst-case scenario” of 9.8 million.
The amount of data stolen and the reason for the attack are not yet known, with the Australian Cyber Security Center and the Australian Federal Police investigating.
An Optus spokeswoman said on Saturday that Optus was contacting all customers to inform them of the impact of the cyberattack on their personal data.
“We will start with customers whose ID number may have been compromised, all of whom will be notified today,” she said.
“We will notify customers who had no impact last.”
She added that Optus would not send links in text messages or emails.
“If customers receive an email or text message with a link claiming to be from Optus, they are informed that it is not a communication from Optus,” she said.
“Please do not click on any links.
“We have been informed that our announcement of the attack is likely to trigger a number of claims and scams from criminals seeking financial gain, including through phishing scams via calls , emails and text messages and offering illegitimate customer details for sale.
“Again, we apologize.”
Optus customers whose data may have been stolen are asked to:
• Beware of possible fraudulent calls;
• Consider strengthening passwords and other online security measures; and
• Watch for more information from Optus in the coming days
How do I know if I am at risk?
Affected customers will be contacted by Optus in the coming days.
Customers who believe their data may have been compromised, or who have specific concerns, have been urged to contact Optus through the My Optus app (the company has said this is the safest way to interact with Optus ), or by calling 133 937.
Optus said it would not send links in emails or text messages.
What should I do to protect my data?
Customers were asked to change their online account passwords and enable multi-factor authentication for banking.
They are also advised to limit withdrawals for their banking operations.
“It is important to be aware that you are at risk of having your identity stolen and to take urgent action to prevent harm,” Scamwatch said in a statement.
“Scammers can use your personal information to contact you by phone, text or email.
“Never click on links or provide personal or financial information to anyone who contacts you out of the blue.”