South China Morning Post
Advertisement
Advertisement
Australia
Get more with myNEWS
A personalised news feed of stories that matter to you
Learn more
The cost for Singapore Telecommunications Ltd. to make good customers exposed to one of Australia’s worst data breaches risks wiping out more than one-quarter of its annual profit. Photo: AFP/File
AsiaAustralasia

Data hack in Australia could cost Singapore Telecommunications more than US$400 million in profits

  • An unprecedented hack last week on Optus, a subsidiary of SingTel, led to the theft of personal data of 9.8 million customers in Australia
  • One estimate believes that compensation for Optus customers could equate to between US$420 million and US$560 million
Australia
Bloomberg
Bloomberg
Why you can trust SCMP
The cost for Singapore Telecommunications Ltd. to make good customers exposed to one of Australia’s worst data breaches risks wiping out more than one-quarter of its annual profit.

Optus, SingTel’s Australian mobile-phone business, last week revealed hackers accessed the personal information of as many as 9.8 million customers – over one-third of the population. Some 2.8 million of them lost details of passports, drivers licenses or government-issued medical identity cards, triggering concerns about large-scale identity fraud, according to the government.

One week after the hack was disclosed, the scale and the fallout – as well as the potential costs for Optus – are growing.

Prime Minister Anthony Albanese said the company should pay for replacement passports, while Australia’s biggest states said Optus would pick up the tab for new driving permits. The government also plans to tighten cybersecurity legislation because of the breach.

Australia’s Optus contacts customers caught in cyberattack

Cyberattacks have become more common worldwide, exposing at least 11.43 billion customer records at several hundred entities in the space of more than a decade. Australian police are working with the US Federal Bureau of Investigation on the Optus hack. Home Affairs and Cyber Security Minister Clare O’Neil on Wednesday described the attack as “a big wake-up call” for corporate Australia.

The average cost incurred by a hacked company for each customer record lost is US$150 to US$200, said Ajay Unni, chief executive officer and founder of cybersecurity consultancy StickmanCyber. That includes compensation, legal bills and the cost of public relations campaigns. “Some organizations end up spending double that,” he said.

Applied only to the 2.8 million worst-affected Optus customers, that would equate to between US$420 million and US$560 million. Optus-owner SingTel made a profit of US$1.44 billion in the year ended March.

Optus is also likely to spend money tightening security and on training, according to Unni. At the same time, Australian law firm Slater & Gordon Ltd. is assessing a class action against Optus and says it has received tens of thousands of registrations.

Chinese hackers targeting Malaysia’s Petronas, Australia’s government: US report

It’s difficult to itemise the costs for Optus. It has offered the worst-hit customers a free 12-month subscription to credit monitoring and identity protection service Equifax. That costs A$14.95 (US$10) a month, so if 2.8 million customers accepted the offer, it could notionally cost A$502 million (US$326 million). Of the identity documents exposed, passports are the most expensive, though it’s not clear how many have been compromised. A replacement costs A$193 (US$125).

Optus didn’t reply to requests seeking comment on possible costs, or the estimate of between US$420 million and US$560 million. The company has apologised for the data breach. It said late on Wednesday that 36,900 medical identity numbers were among the records exposed.

“The Australian government should have better powers to enforce cybersecurity provisions on private companies and that’s something I’ll be looking to do in the wake of the attack,” O’Neil said.

Additional reporting by Associated Press

3