Optus reportedly sending cyber attack letters to dead people

Optus has reportedly been sending letters to dead people and others who have never been customers of the telecommunications giant, telling them their personal information has been hacked.

In another sign the company has fumbled its way through the cyber attack, many people have taken to social media to complain about generic letters they had received.

“I received a letter from Optus addressed to a former resident,” one person wrote.

“Given I’ve been in this house for over a decade, I’m left wondering how far back does Optus’ data retention go? How many people don’t yet know their data has been compromised?”

Another person posted: “A bit over a month after the Optus cyber attack, I get a letter today saying my licence number was exposed. It has been over 12 years since I was a customer of theirs.”

Technology commentator Geoff Quattromani told NCA NewsWire the letters appeared to be going out sporadically.

“It’s almost like Optus is just trying to email or post letters to anybody who may have been in contact with them at some point in time, whether that was through one of their subsidiaries, a competition or they just had them somewhere in a database,” he said.

“For people who have never been an Optus customer to be receiving this information from Optus just seems like a scatter gun approach. It just doesn’t make any sense, so I’m pretty confused.

“I don’t think Optus has been very forthcoming in telling us any detail about how this has happened or why this has happened, and I think it’s just confusing more people than helping them at the moment.”

Mr Quattromani said it appeared to be Optus “stuffing up” rather than being linked to anything the hacker did.

“Usually when you’re hacked by anybody, they take data – they don’t usually muddle up your data,” he said.

“That’s quite difficult to do compared to just downloading it, so I imagine from a hacking point of view, it’s not related, but I think Optus is trying to probably do their best and communicate with their customers.

“I think they’ve lost the definition of what a customer is and they’re just trying to reach anybody who may have been impacted, but that’s a different answer to actually who has been impacted.”

Mr Quattromani said if a person was never an Optus customer, there was no reason for them to be contacted at all.

“A lot of people who have been sending these letters through are people who may have lived at that address in the past, or they don’t know who these people are at all,” he said.

“Sometimes it’s addressed to the wrong person at the right address.

“It could be somebody who may have been a Virgin Mobile customer. It could have been somebody who was a Boost Mobile customer. Both of those were once upon a time owned by Optus.”

Mr Quattromani said some people who were being contacted might have simply entered a competition via Optus.

“You could have been a Telstra customer and still been in the draw to win that Optus giveaway and as a result, given out potentially your mailing address and your name,” he said.

“I think Optus is just trying to wrangle in every database they’ve got of anybody who’s interacted with them, assuming that they all could be impacted in some way.”

Mr Quattromani also suggested it was time for Optus to put Gladys Berejiklian up as a spokesperson because she was experienced with the media and the matter was “dragging on” too long.

“I’m thinking the person who’s steering the ship is not managing the communications very well,” he said.

“This is a big deal and I’m pretty sure Gladys wouldn’t say no to an opportunity like that.

“There seems to be mistake on mistake and they probably just need to rectify it by just putting up the right spokesperson.”

An Optus spokesperson told NCA NewsWire the company was not providing comments on individual customers’ situations.

“In some instances, the contact information that we had for customers who were impacted was out of date,” they said.

“We have in the first instance tried to reach customers via the quickest contact methods, such as email or SMS, but have sent letters via post if those methods didn’t work.”

Source link