No, Optus doesn’t need to keep your sensitive information for so long

News of the Optus cybersecurity attack is shocking. The millions of customers potentially impacted by the breach is mind-boggling. But the real startling question is how a breach of this magnitude is still happening in 2022.

While cyber breaches are a reality for any organisation, large or small, running systems connected to the internet, and perfect cybersecurity is an impossibility, what we do know is that cyberattacks, hacks, breaches … whatever you want to call them, are entirely foreseeable.


The magnitude of such breaches can also be minimised by organisations making conscious decisions about what to use, keep, store and, if they must store it, storing it securely so it cannot be easily accessed. These decisions are not new, and encryption is not a novel, unreachable solution.

There have been far too many cyberattacks where staggering amounts of personal information have been stolen. Think the Target hack in 2013, the Office of Personnel Management in the US in 2014, UK telecommunications provider TalkTalk in 2015, Equifax in 2017 and the ANU in 2018. All of these breaches had variants of the same thing: data theft, varying degrees of highly personal information and, in many cases, the impact of these breaches could have been minimised.

These are all learnable events.

Every time a cyber incident happens, all organisations large and small should sit up and assess whether this could happen to them.


What makes the Optus breach possibly more astounding is that it is alleged that a subset (some figures put it at 2 million plus customers and former customers) have had their highly personal information stolen. Licences and passport numbers are some examples of data that Optus believes may have been accessed.

Unconfirmed reports suggest that access to the sensitive customer data was through what is known as an Application Programming Interface, also known as an API. This is an interface that allows two applications to talk to each other: when you use the weather app on your phone, for example, the app uses an API to get the weather. In this case, when that API is on a system connected to the internet, if it is not secured properly, you have left the door open to allow the cybercriminals to start extracting data. They will grab any data they can grab, in this case valuable customer data.
