Optus enlists Deloitte for forensic review following major data hack
Following the major cybersecurity breach of its customer data, Optus has enlisted Deloitte to conduct an independent security review.
Last week, Optus confirmed that 10 million of its current and former customers suffered a leak of their personal information as a result of a data breach at the end of September.
In a video posted on the company’s website, Optus CEO Kelly Bayer Rosmarin unveiled that of the 10 million accounts that were breached, 2.1 million customers had an identity document number exposed – meaning they may need to take action to replace documents.
The incident has over the past days triggered a massive media attack on the Singtel subsidiary, with the Australian government openly blaming Optus for the breach. The government has launched a criminal investigation, while privacy commissioner Angelene Falk ha launched her own investigation.
Meanwhile, law firms Slater & Gordon and Maurice Blackburn have confirmed they are investigating a possible class action against Optus to seek compensation for people affected by the breach.
“We’re deeply sorry that this has happened, and we recognise the significant concern it has caused many people,” Bayer Rosmarin said. “While our overwhelming focus remains on protecting our customers and minimising the harm that might come from the theft of their information, we are determined to find out what went wrong.”
This is where Deloitte comes in. The firm’s forensic experts specialise in uncovering digital secrets and attacks, and were recently named one of Australia’s top forensic consultants for 2022.
In the case of Optus, the attacker (who is known under the alias ‘optusdata’) gained unauthorised access to customer information. The attacker then published a small sample of the stolen data and demanded that Optus pay a $1 million ransom to avoid more leaks.
According to hack platform Hacker News, the hacker has since withdrawn the extortion demand while apologizing for the crime and claiming that the only copy of stolen data had been destroyed, citing increased public attention.
For Optus and Deloitte, the development comes too little, too late. “This review will help ensure we understand how it occurred and how we can prevent it from occurring again. It will help inform the response to the incident for Optus,” said Bayer Rosmarin.
Deloitte will carry out an external review of the incident, and conduct a broader review of Optus’ cybersecurity landscape, and risk & security controls and processes.