A radio interview with an Optus executive was awkward because of the hacking scandal.
In a radio interview this morning, an Optus executive seemed to have trouble answering some questions about the hack.
In an interview this morning, an Optus executive seemed to have trouble answering some questions about the cyber attack and why some customers still haven't been contacted.
After a huge security breach last week, the personal information of up to 9.8 million current and former Optus customers could be stolen.
Because of the attack, Australians' names, email addresses, phone numbers, dates of birth, addresses, and in some cases, even their driver's license and passport numbers were made public.
The breach has caused a lot of damage, and many customers are angry at how the company has handled the situation.
Now, one Optus employee gave a very strange interview in an effort to be "open and honest" with customers about what was going on.
Sally Oelerich, who is in charge of corporate, regulatory, and public affairs at Optus, talked to 2GB's Chris Smith on Monday morning. She seemed to have trouble answering his questions the whole time.
"Hi, I'm here. "I really want to give your listeners information and be honest," Ms. Oelerich said.
"But, and this is a big but, this is being looked into by the Australian Federal Police. All of this is being done by a criminal who has attacked Australians, including me. My driver's license has been stolen."
Smith asked Ms. Oelerich to confirm how much data was leaked from Optus. He did this because someone who said they were a hacker said they had important information about about 11.2 million Optus customers.
Jeremy Kirk is a cyber security researcher and writer. He says he has talked to the hacker and thinks the person is "the real deal."
Ms. Oelerich didn't say if the 11.2 million number was right or not, but she did say she "knew" about what Mr. Kirk said about the hacker.
She said that no one has "picked up the phone to call us" to make the claims that the hacker has made online.
"I can't really confirm whether or not that's true. "Again, it's being looked into," she said.
Smith then said that Mr. Kirk had said that the sample dataset given by the hacker matched the breach, which suggests that they may be the ones who did the attack.
The radio host said, "He thinks this hacker who claims to have all this information is real."
Before Ms. Oelerich asked, "Sorry, um, was there a question?" there was a long silence.
"Does this hacker look like a real person to you?" he asked.
"Well, do you mean to me as a person or as Optus?" she talked back.
Smith then said that Ms. Oelerich had seen what had been posted online, and he pointed out again that Mr. Kirk had linked some of the information to Optus customers.
“Yes. That's what Jeremy has been saying," she said, then sidestepped the first question by saying that she, too, had been hacked and was trying to do everything she had been told to protect Optus customers.
When asked if Optus had told all customers whose information might have been stolen that their information had been stolen, Ms. Oelerich confidently said yes.
"At this point, we have reached out to everyone whose most sensitive information was stolen, like the driver's license and passport member, using the information we have for them," she said.
Casey Robinson, an Optus customer, was then brought on air and told that her husband's information had been stolen.
Using his driver's license, new loan accounts had been opened in his name, and his 2022 tax return had been sent in.
Ms. Robinson said that the problems started on September 12, when they think someone got his phone number.
She confirmed that Optus never sent them an email about the breach. Instead, they had to contact the company themselves.
"Sally, why hasn't Optus sent Casey an email? You said you'd talked to everyone whose information you thought had been stolen," Smith said.
"Because of this attack," Ms. Oelerich said in response. This made Smith wonder if she was saying that this situation had nothing to do with the recent cyber attack.
"I don't … Ms. Oelerich said, "No, I don't." She then apologized on behalf of Optus to Ms. Robinson and said, "This is not something I would wish on my worst enemy."
Smith spoke up and said that Ms. Robinson has been dealing with this problem for a while and that it might have something to do with the hack.
"I can tell you, Chris, that we have now told customers whose information was stolen because of this attack," Ms. Oelerich said.
Smith said, "You haven't told Casey Robinson yet."
The Optus representative said, "I don't believe... well, I don't know Casey's personal situation or that of her partner, who seems to be the one going through this." She added that she would personally follow up with Casey about this issue.
Customers are very angry with Optus's response.
In the wake of the attack, many customers have been unhappy with how Optus has treated them. This interview comes at a time when many of those customers have been complaining.
In one case, Optus refused to pay a customer $15 for a credit check, and in another, a young mom found out that she can't change her mobile phone number to better protect herself without paying about $1000 to switch providers.
James*, who wanted to remain anonymous, found out that the data breach had affected him and rushed to protect his identity and his money.
But the 35-year-old man from Sydney said the answer he got from Optus was "despicable" after he was "forced to set up" a $15-a-month identity theft monitoring account through the credit agency Equifax.
But when he asked Optus to pay for it, a worker told him that he didn't have any right to compensation.
He told news.com.au, "It's pretty low for a company to let a breach happen and then refuse to help customers protect themselves when they put those customers at risk."
Olivia* from Launceston, who also wanted to remain anonymous, said that when she called Optus after hearing about the breach, they told her that she had not been affected by the attack.
But the next day, she got a worrying email that showed that wasn't the case.
She hurried to change as many of her personal details as possible, but when it came to changing her phone number, she said that Optus made it so hard that she wanted to switch to Telstra.
But if you did this, you would have to pay Optus $1000 in cancellation fees and phone payments.
Olivia has told the telecommunications ombudsman about a problem.
After a cyber attack, Optus's CEO apologized in tears.
Kelly Bayer Rosmarin, the CEO of Optus, said that as soon as the company found out about the hack, it took steps to stop it and began an investigation.
Friday, Ms. Rosmarin apologized to customers when she talked to reporters.
She said she was "devastated" by the attack, which exposed names, dates of birth, addresses, phone numbers, and, in some cases, passport or driver's license numbers.
Ms. Rosmarin said that Optus thought the number of people whose information was stolen was much lower than its "worst-case scenario" number of 9.8 million.
The Australian Cyber Security Centre and the Australian Federal Police are looking into what happened and how much information was taken.
A spokeswoman for Optus said Saturday that the company is calling all of its customers to tell them how the cyber attack affects their personal information.
"We'll start with customers whose ID numbers may have been stolen. We'll let them know today," she said.
"We will let customers know last who haven't been affected by anything."
She also said that Optus would not send links in emails or SMS.
She said, "If a customer gets an email or SMS with a link that says it's from Optus, they should know that this is not a message from Optus."
"Do not click on any of the links.
"We've been told that telling people about the attack is likely to lead to a number of claims and scams from criminals who want to make money, such as phishing scams through phone calls, emails, and SMS and selling fake customer information.
"Once more, we're sorry."
Customers of Optus whose information may have been stolen are urged to:
- Don't answer any suspicious calls;
- Think about making your password and other online safety measures stronger; and
- In the next few days, look for more information from Optus.
How can I tell if I'm in danger?
Optus will get in touch with customers who have been affected in the next few days.
Customers who think their data may have been stolen or who have other concerns were asked to contact Optus through the My Optus app or by calling 133 937. The company said this was the safest way to talk to Optus.
Optus said that it would not send links in any emails or SMS messages.
What should I do to keep my information safe?
Customers have been told to change the passwords for their online banking accounts and turn on multifactor authentication.
They are also told to limit how much money they can take out of their bank accounts.
In a statement, Scamwatch said, "It is important to know that you may be at risk of identity theft and to act quickly to avoid harm."
"Con artists could use your personal information to call, text, or email you.
"Never click on links or give someone who contacts you out of the blue personal or financial information."