Optus CEO’s shock admission in cyber attack aftermath: ‘Be vigilant’

Optus has revealed they learnt of a major cybersecurity attack a day prior to notifying customers of the breach.

On Thursday afternoon, Optus announced the personal information of up to nine million customers had been compromised during a major cyber breach.

However, Optus CEO Kelly Bayer Rosmarin said the company learnt of the breach a day earlier.

In an update on Friday, Rosmarin described the attack as “sophisticated”.

“We are taking full accountability for what has happened,” she said.

“No ransomware demands have been made … but it’s too early to rule out any possibilities.”

Rosmarin said Optus will be contacting all customers in the next few days.

“All customers will be contacted … including those who have not been affected, and they will know what category they will fall into,” she said.

While it is estimated up to 9.8 million people may have been affected, Rosmarin described this number as a “worst-case scenario”.

“We have reason to believe that number is actually much lower,” she said.

“Once we’ve worked through all the relevant information, we expect that number will be much lower.

“But again, our teams are looking into every possibility.”

Rosmarin said the message to Optus customers is to remain alert.

“What customers can do is be vigilant, if anything unusual occurs report it … be alert to any activity that seems suspicious or odd.”

‘Human error’

Meanwhile, preliminary investigations by Optus suggest an error by an IT programmer may have inadvertently allowed cybercriminals to access the database.

“[It’s] still under investigation, however, this breach, like most, appears to come down to human error,” a senior figure for Optus told the ABC on the condition of anonymity.

“[They] wanted to make integrating systems easier, to satisfy two-factor authentication regulations from the industry watchdog, the Australian Communications and Media Authority (ACMA).”

“Eventually, one of the networks it was exposed to was a test network which happened to have internet access.”

This allowed access to the Optus network from outside the company.

However, in Friday morning’s press conference, Rosmarin said she could not go into specifics of how the attack occurred as the matter “is the subject of criminal proceedings”.

“Optus has very strong cyber defences, cybersecurity has a lot of focus and investment here and so this should serve as a warning call to all organisations: there are sophisticated criminals out there, and we really need all organisations out there to be on alert,” she said.

Details of cyberattack released

Optus Australia confirmed the attack on Thursday, stating it was “investigating the possible unauthorised access of current and former customers’ information”.

“We are devastated to discover that we have been subject to a cyberattack that has resulted in the disclosure of our customers’ personal information to someone who shouldn’t see it,” Rosmarin said.

“As soon as we knew, we took action to block the attack and began an immediate investigation.

“While not everyone may be affected and our investigation is not yet complete, we want all of our customers to be aware of what has happened as soon as possible so that they can increase their vigilance.”

Optus assured customers that payment details and account passwords had not been compromised and that Optus services, including mobile and home internet, are not affected.

“Optus has also notified key financial institutions about this matter,” Rosmarin said.

“While we are not aware of customers having suffered any harm, we encourage customers to have heightened awareness across their accounts, including looking out for unusual or fraudulent activity and any notifications which seem odd or suspicious.

“We are very sorry and understand customers will be concerned. Please be assured that we are working hard … to help safeguard our customers as much as possible.”

Cybersecurity Minister Clare O’Neil told 7NEWS.com.au: “The Australian Cybersecurity Centre is providing cybersecurity advice and technical assistance” in relation to the cyberattack involving Optus.

Australian Federal Police, the Office of the Australian Information Regulator and other key regulators have also been notified.

Source: 7News