
data hack could cost the telco millions


The industry’s economics started to improve this year after Telstra pushed through higher prices, and that was closely followed by Optus and TPG.

Optus chief executive Kelly Bayer Rosmarin could respond to the cyber hack by cutting the price of Optus’ mobile plans. But this strategy would only work if Bayer Rosmarin can prove to the world that Optus has fixed all of its data protection failings.

Assessing the damage

Restoring trust in the Optus brand could take a year. One thing in Bayer Rosmarin’s favour is that 65 per cent of her mobile customers are on postpaid plans that run for a minimum of 12 months.

Profits lost to competitors are likely to be small compared to the expansion in costs incurred in fixing the IT systems and paying compensation.

The overseas experience of companies which have lost a large amount of company data gives some indication of what may happen at Optus.

When Sony was hacked in 2015, it was forced by a United States judge to pay employees affected by the data breach a total of $US10,000 each to cover the cost of identity theft.

Only about 800 employees were entitled to this payment, which cost Sony about $US8 million.

A better example of the potential cost of large-scale data breaches can be found in the class action against T-Mobile, also in the United States. It was hacked in August 2021.

A class action resulted in a settlement for the data breach of $US500 million, which was split $US350 million for customers and $US150 million for repairing IT systems.

This worked out at a paltry $US4.38 a head for the 80 million people affected by the data breach.

Another infamous breach was the loss of data by credit monitoring company Equifax in 2017. It lost the customer details of 147.9 million Americans, 15.2 million British citizens and about 19,000 Canadians.

A settlement which received approval in February 2020 resulted in each of the customers being awarded a one-year, $US125 subscription to the Equifax credit monitoring service.

This was a pragmatic solution to the problem because it allowed each individual affected by the data breach to be alerted if a criminal tried to use their personal details to obtain a fraudulent loan.

Options on the table

This solution is being considered by Optus. But it was not clear on Friday whether it would extend it to all the customers whose data was stolen or only those who lost driver’s licences and passports.

If Optus decides to be generous and offer every customer who lost data a one-year subscription to the local Equifax credit monitoring service, it would cost $119.40 for each customer.

That would cost about $1 billion. This is an unrealistic number given that Optus could probably negotiate a reasonable discount. Also, it may only offer the service for six months, which would cost substantially less.

It is highly likely this option will only be offered to those customers who had their driver’s licences and passports stolen. This would be a much smaller subset of the total.

These customers are particularly vulnerable because once a criminal with skills in social engineering has a driver’s licence or a passport, they could take control of the customer’s finances.

This drastic scenario would include the criminal using the stolen documents to switch the customer’s mobile to another SIM card, which could then be used for two-factor authentication.

One way of working out the financial damage to an individual from the data breach at Optus is to examine what the federal government regards as the price of privacy protection failure.

The way to do this is to look at the rules which underpin the federal government’s My Health Records legislation.

According to the Healthcare Identifiers Act 2010, the penalty for allowing a person’s healthcare records to be stolen is 50 penalty points. According to the Australian Securities and Investments Commission, each penalty point under federal government legislation is $222 from July 1 this year.

If the class action lawyers latch on to this statistic then the total cost to Optus would be $2 billion.

Of course, the data records kept by Optus are not covered by this law. But the penalty does indicate what policymakers think of the gravity of a failure in privacy protection.

One issue that will have to be on the agenda of federal Attorney-General Mark Dreyfus is the law surrounding the protection of data and whether Australia should upgrade its laws to match those in the European Union, where the General Data Protection Regulation has transformed the protection of data.

Dreyfus might also want to ask whether it was appropriate for Optus to be holding on to the records of customers who had left the company as far back as 2017.

Individuals directly affected by the Optus cybersecurity breach should consider themselves as potential identity theft victims.

Optus says customers should look out for any suspicious or unexpected activity across online accounts, including relating to bank accounts.

It says customers should be on the lookout for contact from scammers who may have their personal information. This may include suspicious emails, texts, phone calls or messages on social media.

Also, Optus advised customers never to click on any links that look suspicious and never provide passwords or any personal or financial information.

The websites that can be helpful are moneysmart.gov.au, and the identity fraud advice at oaic.gov.au.

Optus said it would contact all customers, but would not be sending any emails or texts containing links.
