Optus CEO Kelly Bayer Rosmarin’s emotional apology after millions of customers had details hacked


The Optus CEO has apologized emotionally after the personal data of nearly 10 million customers may have been stolen by foreign hackers.

The massive cyber breach allowed hackers to access the personal information of the telco’s customers, including passport and driver’s license numbers, email and home addresses, dates of birth and phone numbers.

The company’s boss, Kelly Bayer Rosmarin, confirmed that payment details and account passwords had not been compromised, but admitted she felt “terrible” that the breach had occurred under her supervision.

“I think it’s a mix of a lot of different emotions,” she said, downcast.

“Of course I’m angry that there are people who want to do this to our customers, I’m disappointed that we couldn’t have prevented it.


“I am very sorry and apologise. It shouldn’t have happened.”

Ms Bayer Rosmarin also revealed that the IP addresses associated with the hackers had moved across several European countries and that it was an “advanced” breach.

She added that it was too early to say whether it was a criminal organization or whether another state was responsible for the attack.

The data that may have been stolen dates back to 2017.

Ms Bayer Rosmarin said the reported figure of 9.8 million people who had their data breached was the worst-case scenario, and Optus expected the number to be much lower.

“It’s a small subset of data, it doesn’t contain financial details, it doesn’t contain passwords,” she said.

It comes after Optus was called out for failing to tell millions of customers for nearly 24 hours that their personal information may have been stolen.

Optus Regulatory and Public Affairs Vice President Andrew Sheridan said the company learned of the breach late Wednesday.

He was forced to defend the telco when 2GB host Ben Fordham asked why it had waited until 2pm Thursday to issue a press release.

Optus has been sued for waiting nearly 24 hours to tell nearly 10 million customers that their personal information may have been stolen by hackers


Fordham said The Australian newspaper first published news of the breach at 1 p.m. on Thursday, with Optus issuing a release an hour later.

“You knew on Wednesday… it wasn’t until the Australian newspaper plopped the story on their website (Thurs) that you released a statement,” Fordham said on his radio breakfast program Friday.

“If you want to protect your customers, why didn’t you warn them as soon as you were aware of this potential breach?”

Mr Sheridan said there were “a number of steps” to be taken in the event of cyber incidents.

“When you look at incidents like this, I think we acted very, very quickly,” he said.

He was then cut off by Fordham, who said he didn’t think the telco had acted fast enough.

“I have to warn you about this Andrew, I don’t think you acted fast at all,” he said.

Optus Regulatory and Public Affairs Vice President Andrew Sheridan said the company learned of the breach late Wednesday.  Optus only issued a press release on Thursday


“We’ve seen a lot of these cases in the past where companies have said, ‘We don’t know if there’s been a breach, there’s been a potential breach, we want to warn you right away’ – you don’t have that, you haven’t done that.”

Mr Sheridan would not confirm the number of customers affected but said the investigation is still ongoing.

He added that Optus had to confirm the details of the breach and secure their network before warning customers.

The telco is contacting the millions of affected customers.

Customers have been told not to click on links sent in a message that appears to be from Optus.

Optus said users’ payment information and account passwords had not been compromised and that it was working with the Australian Cyber Security Centre to mitigate the risk to both current and former customers.

The Australian Federal Police, the Office of the Australian Information Commissioner and other key regulators have also been notified.


What Optus has said about the breach:

How did this happen?

Optus fell victim to a cyber attack. We took immediate action to block the attack that targeted Optus customer data only. Optus’ systems and services, including mobile and home internet, are unaffected and messages and voice calls are unaffected. Optus services will continue to be safe to use and operate as usual.

Has the attack stopped?

Yes. Upon discovering this, Optus immediately stopped the attack.

We are now working with the Australian Cyber Security Centre to mitigate any potential risk to customers. We have also notified the Australian Federal Police, the Office of the Australian Information Commissioner and key regulators.

Why did we go to the media first instead of our customers?

The security of our customers and their data is our top priority. We did this because it was the fastest and most effective way to alert as many current and former customers as possible so they could be vigilant and monitor suspicious activity. We are now in the process of contacting customers directly affected.

What information about me may have been made public?

The information that may have been released includes customer names, dates of birth, telephone numbers, email addresses and, for a subset of customers, addresses, ID document numbers such as driver’s license or passport numbers. Affected customers will be notified directly of the specific information that has been compromised.

Optus services, including mobile and home internet, are not affected. Messages, voice calls, billing and payment information, and account passwords have not been compromised.

What should I do to protect myself if I suspect I have been the victim of fraudulent activity?

We’re not currently aware of any customers who have suffered damage, but we encourage you to raise awareness of your account, including:

Watch out for suspicious or unexpected activity on your online accounts, including your bank accounts. Immediately report any fraudulent activity to the related provider.

Watch out for contact from scammers who may have your personal information. This could be suspicious emails, texts, phone calls or social media posts.

Never click on links that look suspicious and never give out your passwords or personal or financial information.

How do I contact Optus if I think my account has been hacked?

If you believe your account has been compromised, you can contact us via the My Optus app – which remains the safest way to contact Optus, or call us on 133 937 for consumer customers. Due to the impact of the cyber attack, waiting times may be longer than usual.

If you are a business customer, please contact us at 133 343 or your account manager.

How do I know if I have been affected?

We are in the process of contacting customers directly affected.

Alastair MacGibbon, chief strategy officer at cybersecurity firm CyberCX and a former adviser to the prime minister, said Optus customers should watch out for criminals impersonating them online.

“They should find out if criminals are impersonating them, or stealing their identities, trying to get credit in their name…etc,” he told ABC.

He said Optus can protect their customers’ interests by paying for credit monitoring.

“That way you will be checked by credit monitoring services if someone has used your name and other details to get credit,” Mr MacGibbon said.

It remains unclear at this stage what the hackers were looking for; the authorities and the telco are still investigating.

Mobile and home internet, as well as messages and voice calls, are not affected.

Both past and current Optus customers have been affected.

How to improve your cybersecurity

Keep your devices up to date with security upgrades.

Use strong passwords that contain one lowercase letter, one uppercase letter, one number, and four symbols, but not the following &%#@_

Do not reuse the same password on multiple devices

Reset your password about once a year

Add a second layer of security to a password by using two-factor or multi-factor authentication, such as a password and number sent to your phone by text message
