Telecom Services

Australia asks Optus to pay for mishandling cyber attack

September 29, 2022

Australian government said telecoms giant Optus must pay for the cost of replacing the passports and drivers licenses of millions of customers whose personal information was stolen during the cyber attack.
The cyber security incident has impacted several million customers of Optus. The theft of personal data attached to 10 million customer accounts, equivalent to 40 percent of Australia’s population, was the result of an error by Optus so it was up to the Singapore Telecommunications-owned company to pay for the consequences, Assistant Treasurer Stephen Jones said.

“Optus is responsible for paying for the costs and the implications of this for customers, whether it’s the replacement of a license, whether it’s the replacement of a passport, or other necessary pieces of ID,” Stephen Jones told reporters in Sydney. He did not give a dollar figure for the costs.

Optus has apologized for the breach and said it would pay for the most affected customers to receive credit monitoring for a year.

The operator of an anonymous account had in an online chatroom demanded $1 million to refrain from selling the Optus customer data, only to later withdraw the demand and apologize, citing heightened publicity. Optus and law enforcement authorities have not verified the demand, although cybersecurity experts say it was most likely authentic.

The stolen data included passport numbers, drivers license numbers, government health insurance numbers, phone numbers and home addresses, prompting commentators and lawmakers to demand replacement documents.

Other large internet firms meanwhile said they were running extra cybersecurity checks to reduce the risk of a similar breach.

“In light of the recent Optus breach, we have been working with our cybersecurity partners and the relevant government agencies to increase our checks,” said a spokesperson for TPG Telecom, which has about 6 million customers.

A spokesperson for Telstra, Australia’s largest internet provider, said in an email: “We will continue to consider what other steps we may need to put in place as we learn more about the Optus incident.”