Although we are becoming a little too comfortable with the amount of information we share on the internet, what really is the worst possible thing that can happen?
Millions of Australians are now living the nightmare of this worst-case scenario as two of the biggest telecommunication providers have been subject to significant breaches of employee and customer data within the last month.
These two major cyberattacks have left both Optus customers and Telstra employees concerned about the vulnerability of their personal data.
On September 22, 2022, Optus released an online statement regarding an investigation into the ‘unauthorised access of current and former customers’ information’.
The telecommunications provider stated the possibility of the exposure of confidential customer information, including names, dates of birth, phone numbers, email addresses, as well as Medicare, driver’s licence and passport numbers.
Optus CEO Kelly Bayer Rosmarin has since revealed that up to 9.8 million Australians may have had their personal data accessed during the cyberattack, however, “7.7 million customers do not need to take further action”.
Rosmarin says the remaining 2.1 million customers have had identity document numbers exposed. These personal ID details include 50,000 Medicare and 150,000 passport numbers.
The significant attack has left millions of current and former customers anxious and questioning what to do next.
Long-term Optus user, Ally Macinnis, says she was forced to “chase the information” and arrange an updated licence and Medicare number herself. The mother of two has expressed her frustration with the provider’s handling of the breach.
“Optus should definitely be responsible for keeping the data they have secured; if they can’t, they should delete it. Consumers don’t know what steps we need to take to prevent this. Unless you are a hacker yourself you don’t understand what is needed to protect yourself as they will always know more than you,” she says.
Just two weeks following the announcement of the Optus cyberattack, Telstra released a similar online statement concerning a third-party data breach that has reportedly affected up to 30,000 current and former Telstra employees.
Telstra says employee names and email addresses were obtained through a breach of a ‘now-obsolete’ employee rewards program provider, stating ‘there has been no breach of Telstra’s systems. And no customer account data was involved’.
While Optus and Telstra have dominated the telecommunications market for years, it seems crucial to consider how their cybersecurity measures could be strengthened to prevent these events from occurring in the future.
These breaches are just two of many incidents of large-scale cyber attacks throughout the last decade.
Such events have cost government bodies and major organisations millions of dollars at both a national and global scale.
Optus customer Mia Kleehammer, says she “now feels insecure about putting [her] information out there” and “wonders how much money has been lost because of this”.
So, what do these breaches mean for the future of data security, and how worried should Australians really be?
Dr Toby Murray is an associate professor in the School of Computing and Information Systems at the University of Melbourne, specialising in cybersecurity.
According to Dr Murray, who has also been affected by the breach, this attack was not sophisticated and has exposed a major weakness in a system that shouldn’t have been accessible.
The severe implications of personal data leaks within major organisations have been made clear over the last month in particular.
This has resulted in companies across the country internally checking their systems to avoid the weaknesses that enabled these events to occur in the first place.
“Nobody wants to be the next Optus,” he says.
Dr Murray says we should expect to see more investment into cybersecurity and less customer data being retained in the long-term future.
“I think companies are starting to realise that holding a lot of sensitive information is actually a big liability. And that it would be much better to not have this data in the first place if you can avoid it,” he says.
We’ve also seen support for law changes in direct response to this breach from the Albanese government, and “changing the incentives on companies to make it more costly for them if they are breached”.
“Unfortunately, there is currently little individuals can do to reduce the chances you’re caught up in a data breach,” says Dr Murray.
“People kind of have to accept that we live in a world where data breaches will happen,” he says.
“But there are things that they can do as individuals to reduce the risks to them if their own information is actually compromised.”
If you think your personal information has been exposed, experts say it may be helpful to consider getting any of that documentation replaced.
Implementing two-factor authentication systems on your email or bank account can also be another simple but effective way to prevent anyone from gaining access to your accounts.
Dr Murray says that customers should remain vigilant for scams as “Optus is not going to text you or send you an email requesting your personal information… or requesting money”.
“It is a shame that we live in a world in which a lot of the onus does fall back on to the individual to protect themselves when their data is breached. But that is sort of the world that we live in,” he says.
If you or someone you know has been affected by the Optus data breach, visit their website for more information.
Link to full story: https://preview.shorthand.com/BkSfnLBjaePGT2qz