23 September 2022

Optus data breach logged with OAIC after public revelation, with falsified figures?

One of the prerequisites is that corporations conducting business in Australia must inform the OAIC (Office of the Australian Information Commissioner) once a data breach has occurred.

Some CEO's chose not to inform the OAIC, where this information will be made public, in order not to lose customer's i.e. profits as a result of poor security pracitices of their corporation's I.T. infrastructure.

Some CEO's choose to wait for a ransom notice in order to pay it, hoping the problem will go away, where the outside world will be none the wiser.

These practices fall under the unconsionable conduct, which is against the law.

But at the end of the day no one (i.e. corpoation's CEO's) cares until it's taken to court.

Optus' data breach was reported by news.com.au after 2pm on Thurdsay 22/09/2022:


The Office of the Information Commissioner published Optus' data breach at approx 10pm on 22/09/2022.

When did the data breach factually occur?

When did Optus decide to infom the OAIC?

Optus has not conducted business 'honourably' in Australia, where it has been fined on occassions for false advertising.

"Profit's before People", right?

In any event, when the story broke out Optus claimed that 9 million people were affected, as seen in the  screen shot below:


Then the story was modified approximately 3 hours later


where the claim is that 7 million people:


Another Optus 'false advertising' claim?

One of the greatest problems Australians face with regards to the privacy and security of their data when dealing with corporations is that in order to save on costs, the corporations 'outsource' their I.T. services where the administration is sub par, lacking in the required skill-set to keep the data on the servers and the bad guys out.

As the saying goes: "If you pay peanuts, you get monkeys", behind the keyboards.

Once the data is out of your control you cannot catergoriaclly state that there are no victims, where the authorities or the corpoations involved, may not even know or even report to the victims or even public for quite some time of the magnitude the criminal actions of identity theft has occured from that particular data breach.

No comments:

Post a Comment