Optus compromising 9.8m records is ‘worst case scenario’

“This particular [hack] is not similar to anything we’ve seen before,” Optus chief executive Kelly Bayer Rosmarin says in a media briefing.

Bayer Rosmarin said Optus identified the hack when it noticed some suspicious activity late on Wednesday night.

After it was identified, Optus’ cyber team took steps to block it and begin the process of understanding exactly what had transpired and how, Bayer Rosmarin said.

At that stage, Optus did not understand the extent of the breach but it had begun the process of trying to recreate the logs of what had transpired.

Bayer Rosmarin was made aware of the data breach by Optus’ chief information officer less than 24 hours after it occurred.

“It was only late that night that we were able to determine that it was of a significant scope. I think that was sort of a late-night call. And by 2pm the next day, we had notified everybody and tried to get all our ducks in a row … It’s probably one of the fastest responses in these sorts of situations,” she said.

She said it was hard to provide specific advice to customers given the information compromised was not the “most vulnerable information” such as financial details and passwords.

“We don’t have a simple message of just change your password,” she said.