It’s been a little over a week since the Optus data breach – one of the worst in Australian history. It has rightly dominated headlines and put nearly 10 million customers, whose data is now in the hands of cyber criminals, on edge.
But what does Optus do now?
How it acts and what it says following this crisis will shape the company and our perception of Australia’s second largest telco for years to come.
They can certainly take a leaf out of Samsung’s book and how the company dealt with the Galaxy Note 7 recall with honesty and transparency.
For me, it’s been a very busy week talking about the Optus hack. I’ve been interviewed several times on TV, done dozens of radio interviews and written a few stories about it and what customers need to do to stay safe.
Optus CEO Kelly Bayer Rosmarin held a virtual press conference on the Friday after the breach and shared some information, based on what she knew at the time, about the sophisticated nature of the attack and the number of people affected.
That day Ms Rosmarin also appeared in live TV interviews to basically answer the same questions but that’s the last we’ve heard from her or from anyone at Optus.
Optus said it chose to communicate through the media – and that’s what I’ve been doing. But you’d think someone from the vast Optus media team would reach out and actually talk to journalists daily to keep us abreast of the latest details so we can communicate these in our publications and in our TV and radio interviews.
Instead all they have sent are five short emails including one saying they’ll cover a 12-month subscription to a credit check company. That’s it.
Meanwhile, customers are seething because Optus took its sweet time contacting them personally, myself included – I’ve been a customer for more than 20 years.
Transparency and honesty are what’s required here.
There are so many questions that are still unanswered including whether the attack actually was sophisticated – there are reports suggesting it was actually a simple breach.
The actual number of customers affected hasn’t been confirmed – the Optus CEO Kelly Bayer Rosmarin said at her virtual press conference she said the number of customers affected wasn’t as high as what was being reported.
From her silence we’ll just assume that it’s exactly what’s being reported – if not worse.
And what are they doing in the investigation? Are they paying the ransom? Do they know who did it? Have the shored up their system so this can’t happen again?
How a company acts in a crisis will define them.
The best example of a company handling a crisis and getting through while not only maintaining their reputation but actually enhancing it is Samsung and how it handled the Galaxy Note7 recall.
The Galaxy Note7 was released in 2016 and was seen, at the time, as one of the best smartphones we’d ever seen.
But we started hearing about issues with the battery and cases of the device catching fire.
It turned out to be a battery and design issue and the Note7 was discontinued just three months after going on sale.
It got to the point where you couldn’t get on a plane with a Note7 and there were collection desks at airports to replace phones in case you still had one.
For Samsung, it was a disaster, but how the company handled the situation should be written into a crisis management textbook.
I did a lot of interviews and stories about Note7 back then, but the biggest difference was I was being called by Samsung nearly every day – and they would be taking my calls – so I could have the latest info and help affected customers.
Samsung was dealing with this in real time and weren’t even aware of the root cause of the issue when they swung into action.
But they were still open and transparent about everything that was happening – no matter how embarrassing and how much it affected their reputation.
Optus circling the wagons and hoping a bigger story comes up that bump them down the news list isn’t the way forward.
Optus CEO Kelly Bayer Rosmarin should be on TV every day updating the situation for customers.
This visibility would give customers some level of comfort and show that no one is hiding in a bunker and leaving everything to the Federal Police.
Here’s what I think Optus needs to do.
SPELL OUT EXACTLY WHAT HAPPENED
Even though the data is already out there, Optus still needs to completely explain the issue that caused the breach whether it was their fault or not.
Doing this would show how determined it is to repair the damage and ensure it doesn’t happen again.
SHOW WHY THEY ARE AUSTRALIA’S SECOND LARGEST TELCO
Optus reached its status as one of the largest telcos in Australia by offering products and services the customers need and can rely on.
Yes, they are sporting a black eye at the moment, but they need to climb back on the horse and demonstrate they can continue in business with confidence and efficiency.
START UP THE MARKETING MACHINE
Optus is a big company with a decent marketing budget.
The company needs to come out on the front foot with a message acknowledging the damage and accepting the blame but also laying out the path to recovery.
If you say nothing, what other people say will fill that vacuum.
We’re already seeing memes about the Optus breach – and you can expect more until the company decides to remind customers why they are the second largest telco not far behind Telstra.
Samsung became the butt of jokes during the Note7 crisis but the company was quick to act to provide refunds and exchanges.
It was able to handle the crisis with honesty and dignity.
Optus needs to do the same.
