Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Australia The Courts

Optus Loses Court Bid To Keep Report Into Cause of 2022 Cyber-Attack a Secret (theguardian.com) 27

Wednesday nearly half of Australia was left without internet or phone service after the country's second largest telecommunications company experienced a service outage affecting 10 million people.

But that's not Optus's only problem, according to this report from the Guardian: Optus has lost a bid in the federal court to keep secret a report on the cause of the 2022 cyber-attack — which resulted in the personal information of about 10 million customers being exposed — after a judge rejected the telco's legal privilege claim. After the hack, the company announced in October last year that it had recruited consultancy firm Deloitte to conduct a forensic assessment of what had led to the cyber-attack. Since then, the company has also faced an investigation by the Office of the Australian Information Commissioner, and a class action case in the federal court. As part of the class action case, law firm Slater and Gordon, acting for the applicants, had sought access to the Deloitte report that was never made public...

It came as the embattled CEO faces pressure over the company's handling of a 14-hour outage on Wednesday, that took phone and internet services offline for 10 million customers, delayed trains, disconnected call centres and hospital phone lines. The company has not announced any independent report into the incident, but it is now subject to two government investigations and a Senate inquiry.

This discussion has been archived. No new comments can be posted.

Optus Loses Court Bid To Keep Report Into Cause of 2022 Cyber-Attack a Secret

Comments Filter:
  • A whole chain of firings would seem to be called for here.

    • I bet there's a tech somewhere at Optus who has a stash of emails archived somewhere that prove he warned management about this several times.
    • What makes you think there's no redundancy? Follow up question: what makes you think that any redundant system is resistant to a well thought out human fuckup?

      • "The redundant system is a second powerboard that the first powerboard is plugged into"

      • Even a well thought out redundancy is probably vulnerable to the swiss cheese model of accident causation. Once in a blue moon events align that fall through all holes.

        The real question is how big/many holes there were, and how blue the moon actually was.

      • by HBI ( 10338492 )

        Because I have run redundancy from 10k miles away when in theater. If the shit didn't work we were up shits creek without a paddle. It can be done. I'd leave CONUS and leave the whole setup rigged up so I could flip the switch from the other end of a DS3 with an alternate path over another network. Desperation measure is I called an on-call guy at the CONUS site to flip the switch. Never had to do that. Everything redundant from start to finish, including the power sources at both ends. Generators ar

    • by gweihir ( 88907 )

      For critical infrastructure operated this badly? What about a chain of jailings instead?

  • by Kiddo 9000 ( 5893452 ) on Sunday November 12, 2023 @04:18PM (#64000527)
    I've recently gotten lots of insight to my local ISPs, and I have been unable to understand how these ISPs manage to have a working network at all. It's insane how poorly some of these ISPs run their networks, especially with how important some of their customers are (hospitals, transit, etc).
  • by bloodhawk ( 813939 ) on Sunday November 12, 2023 @05:16PM (#64000617)
    I wish it was only customers that had their data breached. I had not been a customer with them for well over a decade and I was notified they lost my identity details with the hack too. Fuckers never disposed of identity information even after more than 10 years of not being a customer.
  • by GimpOnTheGo ( 6567570 ) on Sunday November 12, 2023 @06:42PM (#64000829)

    Chronic under investment. Optus (or Optus-arse/Optus-ass as we call them) are owned by Singtel. They spend the absolute minimum to maximise profit. They routinely over subscribe their services and they off-shore massively to the usual totally shit yet cheap Indians.

    Frankly I'm surprised this doesn't happen on the regular. A lot of their senior cybersec guys have all bailed over the last 5 years. It's a total shitshow and it shows.

  • It leaked quickly to the media and was published in the AFR and by the ABC. There was no security at all. So that work could be done on a customer app, access to all of Optus's customer data was left open on the internet. The data, even though it included names, addresses, birthdays, drivers licences and passports was unencrypted, and organised by sequentional customer numbers. It didn't even count as a hack.

    The 10m represented Optus's current and former customers. Federal laws require that ID and credit ca

    • A friend of mine clued me in to how frighteningly incompetent two institutions in Australia truly are - the ISPs and the federal government. It takes a really... bizarre company to not take step one of responsibility for security and then argue in court their negligence should be kept a secret. I wouldn't be surprised if Starlink dramatically cuts into their market share if/when they reach Oceania

You are always doing something marginal when the boss drops by your desk.

Working...