Karl Stefanovic has criticized Optus for responding too ‘slowly’ to Australia’s biggest privacy breach ever.
His comments come after a mysterious hacker leaked the personal information of 10,000 innocent customers before apologizing and removing the wealth of data they stole.
The Today Show host said the breach was a “huge security risk” and accused the telco of taking three days to personally notify affected customers.
“The fact that Optus was so slow at it in the first place, the fact that this person is now targeting innocent Australians, I find abhorrent,” he said.
“The fact that we can’t do anything about it is even worse and the fact that we don’t have legislation around this at the moment is coming soon, and the Australian government must act on this right now.
“But right now 10,000 Australians have their data, their private data, public and can be used for any kind of crime.
Stefanovic said it made him furious when he learned it was not a sophisticated cyber attack.
“You know we trust companies, and this is a big company.” Stefanovic explained. Nine million customers, and a high school student could have hacked it.
“I mean, it’s as bad as it gets, and this could be a corporate killer.”
Karl Stefanovic said the breach was a “huge security concern” and criticized Optus for taking three days to personally notify affected customers
In a huge twist on Tuesday morning, ‘optushacker’ claimed there were ‘too many eyes’ on them and said they would not sell or leak the hacked data of up to 10 million Australians – after releasing details of some 10,000 customers .
In broken English, optushacker said, “Deepest apologies to Optus for this. Hope all goes well from this’
The hacker also claimed that they would have told the telco about their vulnerability, but there was no way to get in touch.
‘Optus if you would have reported reading (sic), we would have reported exploit if you had been in touch.
“No security email, no bug bountys, no way to report,” the message read. “The ransom hasn’t been paid, but we don’t care anymore.”
The extraordinary backflip comes hours after the cybercriminal threatened to release an additional 10,000 records every day for the next four days if a ransom of $1.5 million is not paid.
The customer data the hacker has released so far includes passport, driver’s license and Medicare numbers, as well as dates of birth and home addresses.
Stefanovic said some Optus customers had already been “bombed” with phone calls and texts, while others had yet to be notified personally by the telco.
Mysterious Optus hacker has released the private data of 10,000 customers as the telecom company’s response to the major breach is labeled too ‘slow’
The hacker has warned Optus that if the money is not paid, 10,000 customer records will be released every day until the money is received (stock image)
The data breach, for which Optus has apologized and is now investigating, has left many wondering what they can do to protect themselves and whether they can be financially compensated for what happened.
The controversial telco has offered the ‘most affected’ customers access to free credit checks at Equifax company, which itself suffered a massive data breach in 2017, affecting some 140 million people.
“The most affected customers will receive direct communication from Optus in the coming days on how to start their subscription for free,” Optus said.
Pictured: Kylie Carson, a special counsel in general compensation at Shine Lawyers
Kylie Carson, a special counsel who specializes in general compensation at Shine Lawyers, said that if an Optus customer suffered a financial loss as a result of the data breach, they may be able to file a claim.
“To make a claim it would have to be viable and you have to prove that Optus has not done enough and has not done enough to protect your data,” the top lawyer told the Daily Mail Australia.
Ms. Carson added that something like human error would also have the potential for victims to file a claim.
“Optus is vicariously liable for the actions of their employees,” she said.
Ms Carson herself was a victim of the data breach, saying Optus was providing customers with “more questions than answers” and urging people to remain vigilant.
“Everyone needs to be a little careful with the messages and texts they get, if it looks suspicious it probably is,” added Ms Carson.
The controversial telco has offered the ‘most affected’ customers access to free credit checks with the company Equifax (pictured, an Optus store in Sydney)
Australian law firm Slater and Gordon said Monday they were investigating a possible class action against Optus.
Ben Zocco, the company’s senior employee, said they were assessing potential legal options for those caught in the cyberattack.
“This is possibly the most serious invasion of privacy in Australian history, both in terms of the number of people affected and the nature of the information released,” said Mr Zocco.
“We believe the consequences could be particularly serious for vulnerable members of society, such as survivors of domestic violence, victims of stalking and other threatening behaviour, and people seeking or applying for asylum in Australia.
“Given the type of information reportedly released, these people can’t just heed Optus’ advice to be wary of scam emails and text messages.”
The Optus CEO said last week it was too early to say whether it was a criminal organization or whether another state was responsible for the attack (photo, customers at an Optus store in Sydney)
Optus chief executive Kelly Bayer Rosmarin says the company is working with the Australian Federal Police to investigate the attack – with police warning that the sale of personal data is illegal and could carry a 10-year prison sentence.
On Friday morning, the CEO apologized emotionally to the millions of Optus customers involved in Australia’s largest data breach.
“I think it’s a mix of a lot of different emotions,” she said downcast.
“Of course I’m angry that there are people who want to do this to our customers, I’m disappointed that we couldn’t have prevented it.
“I am very sorry and apologise. It shouldn’t have happened.
Optus chief executive Kelly Bayer Rosmarin apologized Friday for the breach and said the company is working with the Australian Federal Police to investigate the attack.
Ms Bayer Rosmarin said the IP addresses linked to the hackers had moved through several European countries and that it was an “advanced” breach.
The CEO added that it was too early to say whether it was a criminal organization or whether another state was responsible for the attack.
The data that may have been stolen dates back to 2017.
The breach has sparked calls for the federal government to take action, with Prime Minister Anthony Albanese calling the incident a “wake-up call for business on data protection.”
Treasurer Jim Chalmers said the government is working to ensure it “responds adequately” with announcements to be made in the coming days.