View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
October 3, 2022

Optus calls in Deloitte for ‘forensic review’ of massive cyberattack

Optus says a forensic examination of its infrastructure will inform how it responds to the damaging breach.

By Ryan Morrison

Beleaguered telecoms company Optus has called in consultants from Deloitte to perform a full and independent forensic review of its security systems after a cyberattack that led to one of the largest data breaches in Australian history.

A 'basic hack' of Optus systems saw millions of users data compromised (Photo: T. Schneider/Shutterstock)
A ‘basic hack’ of Optus systems saw millions of users’ data compromised. (Photo by T. Schneider/Shutterstock)

The massive cyberattack, first detected on 14 September, is now the subject of an ongoing federal police investigation dubbed ‘Operation Hurricane’ and is thought to have led to 2.8 million records containing personally identifiable information being exposed.

Attackers are said to have infiltrated the Optus system through an API used to test a customer ID system. It is thought a “human error” left the API externally visible, allowing the unidentified hackers to gain access.

Owned by Singapore Telecommunications (Singtel), Optus has 9.8 million customers which is about 40% of the population of Australia, where the attack took place.

Minister for home affairs and cybersecurity, Clare O’Neil, called it a “basic hack” and questioned how a telecom operator “left a window open for data of this nature to be stolen”.

Optus CEO Kelly Bayer Rosmarin contracted Deloitte to examine the security systems, controls and processes used by the company, as well as a forensic investigation of the attack to determine how it came about and where faults might sit within the system or procedures.

Bayer Rosmarin told media that the investigation will determine in part how it responds to the incident, apologising and recognising the “significant concern it has caused many people”.

“While our overwhelming focus remains on protecting our customers and minimising the harm that might come from the theft of their information, we are determined to find out what went wrong,” she declared, adding that the review “will help ensure we understand how it occurred and how to prevent it from occurring again.”

Content from our partners
Technology and innovation can drive post-pandemic recovery for logistics sector
How to engage in SAP monitoring effectively in an era of volatility
How to turn the evidence hackers leave behind against them

She said the review in part was to rebuild trust with customers, and understanding what led to the attack was an important part of that process.

Optus cyberattack: reports of fines ‘speculative’

The Singtel board also clarified that any reports of fines or costs it faces linked to the attack were “speculative” and “couldn’t be relied upon”. Law firm Slater and Gordon is said to be preparing a class action lawsuit against the company, but Optus says it has yet to receive any notification of this, with its board adding that the business’s lawyers have been instructed to advise on any possible action which “would be vigorously defended”.

“Singtel is continuing to evaluate the potential financial implications arising from this matter and any material development will be disclosed to the market on a timely basis,” the board wrote in a statement.

The data was posted on a popular data breach website, with the criminal behind the breach asking Optus to pay $1m in the Monero cryptocurrency within a week to prevent the whole cache of data being released. Security company ISMG says it has analysed some of the information and that it appears to be genuine.

Optus was ordered to provide free credit monitoring for those impacted by the breach and warned there would need to be a review of how the Australian government regulated against cyberattacks on critical infrastructure.

O’Neil admitted that Australia’s regulation of cybersecurity was “five years behind” other countries and that there was a need to review the legislation and bring it up to date.

Attacks on telecoms companies and internet service providers are on the rise. A report from the International Data Corporation says 37% of telcos have been targeted by distributed denial of service (DDoS) attacks in the past year. Such attacks have led to 35% of telecoms companies suffering from loss of business.

The UK has recently announced a new set of regulations for telecom networks that would protect against cyberattacks, or hold those companies to account. The Telecoms Security Act sets out specific actions for public telecom providers that consider supply-chain risks and protecting equipment from attack.

Read more: Chinese hackers target telecoms networks through vulnerable equipment

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU