Things are not getting better for Optus, a subsidiary of the Singapore-owned Singtel and Australia’s second largest telecommunications company. Responsible for one of Australia’s largest data breaches, the beleaguered company is facing burning accusations and questions on various fronts. It is also proving to be rather less than forthcoming about details as to what has been compromised in the leak.
Advertisement
First, for the claimed story, which has been, at points, vague. On September 22, the telecommunications company revealed that details of up to 9.8 million customers had been stolen from their database. Dating back to 2017, these include names, birthdates, phone numbers, email addresses and, in a number of cases, addresses, passport number or driver’s licenses.
Fittingly, and perversely, a study from the Australian Institute of Criminology that same year found that one in four Australians had been victims of identity crime or a general misuse of personal information. A less than comforting observation from the authors was the remark that such rates were “comparable with the 27 percent reported by respondents to the identity fraud survey conducted in 2012 for the United Kingdom’s National Fraud Authority”.
In the case of Optus, the company claims that the breach arose from a “sophisticated cyberattack”. The view from those outside Optus is somewhat different. The attack seemed to have occurred when an application programming interface (API) was linked to an Optus customer database leaving it easily accessible. In basic terms, an API permits the transfer of data. Left naked and vulnerable, users can merrily pry their way into systems they would otherwise not have access to.
..
Support the originator by clicking the read the rest link below.
