Forensic Assessment to be Conducted in Optus Data Breach Case
Australia’s second largest telecommunication company Optus has been facing the issue of cybersecurity data breach for the last 12 days. On 3 October, its parent company Singapore Telecommunication (Singtel), in a comment said that it was assessing the potential costs of the massive cybersecurity breach of private data from 10 million accounts and sought to clarify reports it could face a huge compensation bill.
They added that they have not received any legal notice of a class action lawsuit but have engaged lawyers to advise it. The company also said that the review put forward by Optus CEO, Kelly Bayer Rosmarin, to the parent company’s board was supported unanimously.
Kelly said that the company has commissioned Deloitte to conduct an independent external review of the Optus’s massive data breach, with a focus on security systems and processes. The review would be in addition to the work Optus was undertaking with technical professionals within the federal government to understand how the breach occurred.
The Australian Signals Directorate is also working with other telecommunications providers to ensure they do not have similar vulnerabilities. She also said, forensic assessment will be done to investigate how it happened and strategies for preventing future breaches.
The two major law firms, Slater & Gordon and Maurice Blackburn, have said they are investigating a possible class action against Optus to claim compensation for people affected by the breach.
In the past days, Optus has sent text messages or emails to customers who had their driver’s license numbers taken, in every state and territory bar Victoria and Queensland.
However, the Australian government on the weekend blamed Optus for the breach, which affected the equivalent of 40% of Australia’s population, saying customers were exposed to financial crime and pressing the company to do more to notify those affected.
O’Neil the home affairs minister said the Australian federal police would provide an update on the status of the investigation into who had obtained the data and posted it online in the coming days.
