News | Technology
19 Jul 2024 15:15
NZCity News
NZCity CalculatorReturn to NZCity

  • Start Page
  • Personalise
  • Sport
  • Weather
  • Finance
  • Shopping
  • Jobs
  • Horoscopes
  • Lotto Results
  • Photo Gallery
  • Site Gallery
  • TVNow
  • Dating
  • SearchNZ
  • NZSearch
  • RugbyLeague
  • Make Home
  • About NZCity
  • Contact NZCity
  • Your Privacy
  • Advertising
  • Login
  • Join for Free

  •   Home > News > Technology

    Optus cyber attack could have been prevented four years prior, says telecoms watchdog

    ACMA claims Optus should have known about a flaw in its system four years before the cyber attack that stole millions of Australians' data, but failed to fix it.

    Optus could have prevented a data hack that leaked the details of about nine and a half million Australians four years prior, the Australian telecommunications watchdog alleges.

    The Australian Communications and Media Authority made the claims in a filing to the Federal Court, where it has lodged an action against Optus for failing to protect its customers' personal information during a data breach in 2022.

    The cyber attack meant hackers likely made away with the passport and drivers licence numbers of 2.8 million people.

    Optus said it intends to defend the allegations.

    In its filing, ACMA outlined how it alleged the cyber attack took place.

    "Optus' failure was due to a coding error which it did not detect during (and for four years prior to) the [September 17 to 20, 2022]," the authority claimed.

    "As a result the personally identifiable information of more than nine and a half million former and current customers of Singtel Optus Pty Limited and its subsidiaries were accessed by a cyber attacker."

    ACMA said it would seek civil penalties against Optus for its alleged failure.

    Vulnerable domain left 'dormant'

    The Federal Court filing detailed a number of "vulnerabilities" ACMA believed the Optus system to have.

    It said two of the company's domains had the same coding error for one of its access controls, which left it open to cyber attack.

    But ACMA said at one point Optus noticed the error and fixed it — but only on one of its domains.

    The other was still left vulnerable.

    "Optus has the opportunity to identify the coding error at several stages in the preceding four years," the filing said.

    "The [domain] was permitted to sit dormant and vulnerable to attack for two years and was not decommissioned despite the lack of any need for it."

    Despite then-Optus chief executive Kelly Bayer Rosmarin referring to the attack as 'sophisticated' at the time, ACMA said they disputed the claim.

    "The cyber attack was not highly sophisticated or one that required advanced skills or propriety or internal knowledge of Optus' processes or systems," the filing said.

    "It was carried out through a simple process of trial and error."

    The authority also detailed the harm that had since come from the attack, and said the number of people targeted in the attack was just over a third of Australia's population.

    "Of the active subscribers of an Optus service, 3,154,171 customers had their physical address accessed and 2,470,036 had identity information accessed," the filing said.

    "The cyber attack led to the personally identifiable information of approximately 10,200 Singtel Optus customers being published on the dark web."

    What does Optus say?

    Optus interim chief executive Michael Venter said the telco still deeply regrets the cyber attack, and customers had a right to believe their data would be kept safe.

    However he said the attack was 'motivated and determined'.

    "The cyber attack resulted from the cyber attacker being able to exploit a previously unknown vulnerability in our defences that arose from a historical coding error," he said.

    "This vulnerability was exploited by a motivated and determined criminal as they probed our defences, and then exploited and evaded these defences by taking steps to bypass various authentication and detection controls that were in place to protect our customers’ data. 

    "The criminal did this by mimicking usual customer activity and rotating through tens of thousands of different IP addresses to evade detection."

    He said Optus had since worked to address the vulnerability and continue to invest in cyber defences.

    "Optus recognises that we still have much to do to fully regain our customers’ trust and we will continue to work tirelessly towards this goal," Mr Venter said.

    "Optus will continue to cooperate with the ACMA on this matter, although it intends to defend this action and where necessary, correct the record. 

    "It will ultimately be a matter for the Federal Court to determine whether there has been any breach or the appropriateness of any sanctions against Optus."

    The next hearing in the Federal Court is set to take place in September.

    © 2024 ABC Australian Broadcasting Corporation. All rights reserved

     Other Technology News
     19 Jul: Why you might find yourself struggling for phone connection in the heart of the city
     13 Jul: Hundreds of employers are under a migrant hiring freeze after an issue with Immigration NZ's IT system
     12 Jul: Why Shelley Duvall disappeared from Hollywood
     26 Jun: What's the best way to call in sick to work, and when should you do it?
     19 Jun: It's great news for New Zealand's Super Fund - that AI computer-chip maker Nvidia's risen to become the world's most valuable company
     14 Jun: Wellington City Council's rolling out a new high-tech method for enforcing illegal car parking
     11 Jun: Jannik Sinner has become the first Italian to top the men's world tennis rankings since computerised entries began in 1973, replacing the injured Novak Djokovic
     Top Stories

    Former All Blacks halfback Justin Marshall has no qualms about Cortez Ratima and Noah Hotham combining in the role tomorrow afternoon against Fiji More...

    Good news for home-buyers.... BNZ and Kiwibank are following ANZ and Westpac in cutting their advertised home loan and term deposit rates, following Wednesday's drop in CPI inflation More...

     Today's News

    AnnaLynne McCord has paid tribute to Shannen Doherty 14:58

    Law and Order:
    A third man's been charged with murder, in relation to the death of South Canterbury man, Anaru Moana 14:57

    Live updates: Donald Trump addresses Republican National Convention, Joe Biden 'soul-searching', US media reports 14:47

    Firerose has been banned from using Billy Ray Cyrus' credit cards 14:28

    New Zealand Cricket remains adamant the White Ferns are moving in the right direction... despite eight defeats in a row in their white-ball tour of England 14:08

    Health & Safety:
    Ethnicity, equality and Pharmac: how the Treaty really guides NZ’s drug-buying policies 14:08

    Motorists are being urged to take extra care tonight with rough weather on the way in some places 14:08

    Richard Simmons' family are "overwhelmed and beyond grateful" for the "outpouring of love" sparked by his death 13:58

    Health & Safety:
    Pharmac's committed to delivering more dietary options for people with inherited metabolic diseases 13:47

    Dick Van Dyke had "never approached a strange woman" before introducing himself to his future wife 13:28

     News Search

    Power Search

    © 2024 New Zealand City Ltd