Optus executive fails to answer questions about data breach that affects 11 million customers
An Optus executive has been left red-faced after claiming on live radio that every customer affected by Australia’s biggest ever cyber attack had been notified – only for a victim to ring in and claim she hadn’t been told.
An estimated 11.2million Optus customers’ personal addresses, dates of birth, phone numbers, passport details and drivers licences may have been compromised in last week’s data breach.
A mysterious hacker who claims to be behind the breach has since demanded Optus hand over $1.5million in ransom money in the form of cryptocurrency Monero, or they will publish the data.
On Monday, Sally Oelerich – the telco’s director of corporate affairs for regulatory and public affairs – dialled into the 2GB Breakfast program and said: ‘For customers who’ve had their data compromised because of this attack we’ve now informed them’.
But customer Casey Robinson then phoned in, reporting her husband’s account had been hacked and personal details such as his phone number compromised as early as September 12.
Optus Director of Corporate Affairs Regulatory and Public Affairs Sally Oelerich was left red faced when she told 2GB’s Chris Smith all effected Optus customer had been contacted by the telco – only for a woman to ring in and say that wasn’t the case
A mysterious hacker who claims to be behind the breach has since demanded Optus hand over $1.5million in ransom money in the form of cryptocurrency Monero, or they will publish the data
When Mr Smith asked if the telco had been in touch with Ms Robinson, she said they had reached out to Optus themselves.
‘You have not been informed by Optus what you should do with your accounts?’ the radio host said.
‘Not at all, not one email,’ Ms Robinson replied.
Mr Smith then put the question to Ms Oelerich.
‘You said you’ve contacted everyone who you’ve thought have had their data compromised?’ he said.
2GB radio host Chris Smith fired off several questions to the Optus executive about the breach that has potentially impacted more than 11 million customers
Ms Oelerich responded: ‘As a result of this attack.’
‘You’re saying Casey’s scenario doesn’t fit the circumstances!?’ Mr Smith hit back.
Ms Oelerich then stumbled before apologising to Ms Robinson for the breach of her husband’s details.
‘It’s not something I would wish on my worst enemy,’ she said.
The executive then said all Optus customers who had been impacted by the breach had been contacted by the telco, before Mr Smith pointed out this wasn’t the case.
‘I don’t believe, well, I don’t know Casey’s individual circumstances or her partner,’ she said, before asking for Ms Robinson’s details and promising to personally follow up on her matter.
Earlier in the messy interview Ms Oelerich said she herself had been a victim of the cyber attack and had her driver’s licence number compromised.
She dodged several questions about claims from the hackers who allege they were behind the attack, instead telling Mr Smith the matter was under investigation.
It’s estimated that the personal addresses, dates of birth, phone numbers, passport details and drivers’ licences have been compromised for 11.2 million Optus customers
She added the alleged hackers had not contacted Optus directly, and couldn’t ‘validate if that was even legitimate’.
Tech experts believe the hacker’s claims are legitimate, but Ms Oelerich wouldn’t give an answer to whether she thought it was real or not, saying she was doing everything she had been advised to ‘protect customers’.
On Saturday morning the ransom demand appeared on an online forum with the hackers warning the telco it had one week to respond.
‘Optus if you are reading! price for us to not sale data is 1.000.000$US We give you 1 week to decide,’ part of the message read.
The warning comes as Optus customers take to social media to vent their frustration, with some claiming it took three days for Optus to start personally contacting them.
Pictured: Optus CEO Kelly Bayer Rosmarin
On Friday morning, CEO Kelly Bayer Rosmarin made an emotional apology to the millions of Optus customers whose details had been compromised.
She confirmed payment details and account passwords were protected but admitted she felt ‘terrible’ the breach had happened under her watch.
‘I think it’s a mix of a lot of different emotions,’ she said looking downcast.
‘Obviously I am angry that there are people out there that want to do this to our customers, I’m disappointed we couldn’t have prevented it.
‘I’m very sorry and apologetic. It should not have happened.’