Optus Loses Court Bid To Keep Report Into Cause of 2022 Cyber-Attack a Secret (theguardian.com)
On Wednesday, nearly half of Australia was left without internet or phone service after the country's second-largest telecommunications company experienced a service outage affecting 10 million people.
But that's not Optus's only problem, according to this report from the Guardian: Optus has lost a bid in the federal court to keep secret a report on the cause of the 2022 cyber-attack — which resulted in the personal information of about 10 million customers being exposed — after a judge rejected the telco's legal privilege claim. After the hack, the company announced in October last year that it had recruited consultancy firm Deloitte to conduct a forensic assessment of what had led to the cyber-attack. Since then, the company has also faced an investigation by the Office of the Australian Information Commissioner, and a class action case in the federal court. As part of the class action case, law firm Slater and Gordon, acting for the applicants, had sought access to the Deloitte report that was never made public...
It came as the embattled CEO faces pressure over the company's handling of a 14-hour outage on Wednesday, that took phone and internet services offline for 10 million customers, delayed trains, disconnected call centres and hospital phone lines. The company has not announced any independent report into the incident, but it is now subject to two government investigations and a Senate inquiry.
Re: (Score:3)
That's around 40% of the population of Oz, and I suspect it's the number of customers they have.
The numbers have to be very approximate, and really the number affected by this new problem should be far higher than the number affected by the security breach. The security breach probably just affected the contract holders, the telephone + internet outage meant that cash registers did not work, trains did not run, whatever.
Re: (Score:2)
It's basically just another way of saying "all 10 million customers".
Re: (Score:2)
I'm honestly shocked they have that many customers, and that's before taking into account my assumption that people ditched Optus after the breach.
ur mom was off-shored (Score:1)
1. Work was off-shored, please provide citation, not rhetoric.
2. If off-shored, relevance to this particular issue, again please provide evidence, not rhetoric
It's hard to imagine no redundancy (Score:2)
A whole chain of firings would seem to be called for here.
Re: (Score:3)
Re: (Score:3)
Not just one tech.
Re: (Score:2)
The one we'll hear about will be the one management try to pin the blame on.
Re: (Score:2)
What makes you think there's no redundancy? Follow up question: what makes you think that any redundant system is resistant to a well thought out human fuckup?
Re: (Score:2)
"The redundant system is a second powerboard that the first powerboard is plugged into"
Re: (Score:2)
Even a well thought out redundancy is probably vulnerable to the swiss cheese model of accident causation. Once in a blue moon events align that fall through all holes.
The real question is how big/many holes there were, and how blue the moon actually was.
Re: (Score:2)
Because I have run redundancy from 10k miles away when in theater. If the shit didn't work we were up shits creek without a paddle. It can be done. I'd leave CONUS and leave the whole setup rigged up so I could flip the switch from the other end of a DS3 with an alternate path over another network. Desperation measure is I called an on-call guy at the CONUS site to flip the switch. Never had to do that. Everything redundant from start to finish, including the power sources at both ends. Generators ar
Re: (Score:2)
For critical infrastructure operated this badly? What about a chain of jailings instead?
How did it work at all (Score:4, Interesting)
Re: (Score:2)
The tech guys are pretty good though.
Re: (Score:2)
No liability will do that...
wish it was only customers (Score:4, Insightful)
Re:wish it was only customers (Score:4, Insightful)
And that is why the GDPR is a good idea.
Re: (Score:2)
Re: (Score:2)
Same here. I am also a supporting member of NOYB for when the Irish "Data Protection Authority" fuckers (and other) again refuse to do their jobs and need to be sued.
Simple reason. (Score:3)
Chronic under investment. Optus (or Optus-arse/Optus-ass as we call them) are owned by Singtel. They spend the absolute minimum to maximise profit. They routinely over subscribe their services and they off-shore massively to the usual totally shit yet cheap Indians.
Frankly I'm surprised this doesn't happen on the regular. A lot of their senior cybersec guys have all bailed over the last 5 years. It's a total shitshow and it shows.
Not a secret (Score:2)
It leaked quickly to the media and was published in the AFR and by the ABC. There was no security at all. So that work could be done on a customer app, access to all of Optus's customer data was left open on the internet. The data, even though it included names, addresses, birthdays, drivers licences and passports was unencrypted, and organised by sequential customer numbers. It didn't even count as a hack.
The 10m represented Optus's current and former customers. Federal laws require that ID and credit ca
Re: (Score:1)
A friend of mine clued me in to how frighteningly incompetent two institutions in Australia truly are - the ISPs and the federal government. It takes a really... bizarre company to not take step one of responsibility for security and then argue in court their negligence should be kept a secret. I wouldn't be surprised if Starlink dramatically cuts into their market share if/when they reach Oceania