Optus CEO Kelly Bayer Rosmarin fought back tears today as she issued a heartfelt apology following a sophisticated attack that exposed the personal information of millions of customers.
“I’m very sorry and apologetic – it should not have happened,” said Ms Bayer Rosmarin who broke down when asked by Tech Guide about how she felt knowing the attack occurred on her watch.
“I’m angry that there are people out there that want to do this to our customers.
“I’m disappointed that we couldn’t have prevented this.
“I’m disappointed that it undermines all the great work we’ve been doing to be a pioneer in this industry and a real challenger create new and wonderful experiences for our customers.”
According to Optus, the sophisticated attack reportedly originated in Europe with the attackers constantly changing their IP address to hide their tracks.
Ms Bayer Rosmarin says Optus noticed some suspicious activity on Wednesday that was quickly identified as a cyber attack.
Optus CEO Kelly Bayer Rosmarin breaks down over cyber attack “I’m sorry, it should not have happened” @9NewsSyd pic.twitter.com/eIG48lqk72
— Sophie Walsh (@sophie_walsh9) September 23, 2022
“The team look steps to block it and begin the process of understanding exactly what had transpired,” she says.
“I found out about it less than 24 hours before we went live to the press through a phone call from my chief information officer (Mark Potter).
“From that stage we did not understand the extent of it.
“We were sure something had occurred, and the teams began the process of trying to recreate the logs of exactly what had transpired so we could get our heads around the order of magnitude.
“It was only late that night that we were able to determine that it was significant.
“By 2pm the next day we had notified everybody and try to get all our ducks in a row.
“It’s probably one of the fastest responses in these sorts of situations.”
According to the Optus CEO the number of customers who details were stolen has been exaggerated.
“We’ve got the absolute worst case scenario number at 9.8 million, but we expect the number to be considerably less than that once we’ve worked through the information.”
During the press conference, Ms Bayer Rosmarin said that no passwords or financial information has been stolen.
“No passwords or bank details were taken so there isn’t a simple message like update your passwords or talk to your financial institution,” she said.
“But we need this heightened vigilance across all aspects of what people do so that we can spot any emerging patterns early and move together across government corporations and our customers to shut it down and hopefully identify who did this and catch them.”
Optus revealed the hacked data included former customer information dating back to 2017. Ms Bayer Rosmarin also revealed why customers were not contacted directly about the breach for fear they could think it was a phishing attack.
“In terms of contacting our customers we have not been very specific and prescriptive about how we’re doing that specifically for the reason that we do not want to give people the opportunity to get out in front of us with a phishing attack,” she said.
“The important thing is we will be contacting our customers, we won’t be telling you exactly how we’re doing that except to say that we will not be sending any links in SMS and email messages.”
