1
00:00:02,720 --> 00:00:05,000
Speaker 1: My name is Lily Madden and I'm a proud Arunda

2
00:00:05,240 --> 00:00:10,040
Speaker 1: bunjelung Caalcutin woman from Gadighl Country. The Daily oz acknowledges

3
00:00:10,119 --> 00:00:12,320
Speaker 1: that this podcast is recorded on the lands of the

4
00:00:12,320 --> 00:00:15,880
Speaker 1: Gadighl people and pays respect to all Aboriginal and Torres

5
00:00:15,880 --> 00:00:18,799
Speaker 1: Strain island and nations. We pay our respects to the

6
00:00:18,800 --> 00:00:21,599
Speaker 1: first peoples of these countries, both past and present.

7
00:00:30,120 --> 00:00:32,879
Speaker 2: Good morning and welcome to the Daily os It's theirsday,

8
00:00:32,920 --> 00:00:36,800
Speaker 2: the twenty ninth of September. I'm Zara, I'm Billy. About

9
00:00:36,800 --> 00:00:39,840
Speaker 2: ten million Ausies got a nasty surprise in the middle

10
00:00:39,880 --> 00:00:43,240
Speaker 2: of their public holiday last week when Optics announced they've

11
00:00:43,240 --> 00:00:47,080
Speaker 2: been the victim of a massive cyber attack targeting their customers'

12
00:00:47,080 --> 00:00:52,199
Speaker 2: personal information. Sensitive info like driver's license numbers, phone numbers

13
00:00:52,200 --> 00:00:55,520
Speaker 2: and physical addresses had been leaked. We'll get into what

14
00:00:55,680 --> 00:00:58,120
Speaker 2: has happened in the week since, because boy, has there

15
00:00:58,200 --> 00:00:59,880
Speaker 2: been a lot and what you can do if you're

16
00:01:00,280 --> 00:01:03,400
Speaker 2: has been compromised. First, Billy take us through the headlines.

17
00:01:06,600 --> 00:01:09,520
Speaker 3: Treasurer Jim Chalmers has said that the government is under

18
00:01:09,640 --> 00:01:13,000
Speaker 3: no illusions about the impact that reinstating the fuel excise

19
00:01:13,040 --> 00:01:16,640
Speaker 3: will have the excise returned today after the previous coalition

20
00:01:16,720 --> 00:01:20,040
Speaker 3: government cut the tax for six months to address rising

21
00:01:20,120 --> 00:01:20,880
Speaker 3: cost of living.

22
00:01:22,920 --> 00:01:27,400
Speaker 2: The controversial Cashless Debit card has officially been scrapped after

23
00:01:27,600 --> 00:01:31,360
Speaker 2: legislation to abolish the program past both houses of Parliament.

24
00:01:31,720 --> 00:01:34,960
Speaker 2: Over seventeen thousand Australians will be taken off the card

25
00:01:35,080 --> 00:01:38,280
Speaker 2: next week. It was first introduced back in twenty sixteen.

26
00:01:39,840 --> 00:01:43,640
Speaker 3: Cuba has experienced a complete blackout after Hurricane Ian swept

27
00:01:43,680 --> 00:01:46,959
Speaker 3: through the country. Over eleven million people were left in

28
00:01:47,000 --> 00:01:49,760
Speaker 3: the dark from the storm, which has held wind speeds

29
00:01:49,760 --> 00:01:52,240
Speaker 3: of up to one hundred and ninety five kilometers per hour.

30
00:01:52,680 --> 00:01:55,360
Speaker 3: It is now set to hit Florida, with Americans bracing

31
00:01:55,400 --> 00:01:57,840
Speaker 3: for extreme winds, flooding and title surges.

32
00:01:59,400 --> 00:02:02,920
Speaker 2: And some good news for your Thursday, The Australian Opals

33
00:02:02,920 --> 00:02:05,880
Speaker 2: have finished a top Group B of the Women's Basketball

34
00:02:05,880 --> 00:02:08,560
Speaker 2: World Cup and have set up a quarter final clash

35
00:02:08,600 --> 00:02:12,119
Speaker 2: with Belgium tonight. The Oples finished group play with four

36
00:02:12,160 --> 00:02:15,360
Speaker 2: consecutive wins after losing to France in their opening game.

37
00:02:15,680 --> 00:02:18,320
Speaker 2: The Oples could be looking at a potential gold medal

38
00:02:18,360 --> 00:02:24,040
Speaker 2: match against the top ranked US on Saturday. Okay, so

39
00:02:24,160 --> 00:02:26,720
Speaker 2: Billy it turns out that once upon a time I

40
00:02:27,000 --> 00:02:30,600
Speaker 2: was an Optu's customer. I had completely forgotten all about

41
00:02:30,639 --> 00:02:34,519
Speaker 2: it until I woke up yesterday morning to an email

42
00:02:34,520 --> 00:02:36,600
Speaker 2: from them telling me that some of my data was

43
00:02:36,680 --> 00:02:39,040
Speaker 2: now floating around on the World Wide Web.

44
00:02:39,240 --> 00:02:40,960
Speaker 3: That is happening to a lot of people. I think

45
00:02:40,960 --> 00:02:43,440
Speaker 3: I must be one of the only people in Australia

46
00:02:43,560 --> 00:02:45,840
Speaker 3: who has never been an Optus customer.

47
00:02:45,880 --> 00:02:46,880
Speaker 2: Do you feel left out now?

48
00:02:46,960 --> 00:02:51,120
Speaker 3: I feel thankful fair enough, given this past week of news.

49
00:02:51,200 --> 00:02:53,800
Speaker 3: But so you said that you're a former customer. This

50
00:02:53,919 --> 00:02:57,200
Speaker 3: has mostly affected current customers, as I'm sure that you

51
00:02:57,200 --> 00:02:59,760
Speaker 3: can imagine. So what we know is that over ten

52
00:02:59,800 --> 00:03:03,480
Speaker 3: million Aussies are Optis customers, which is actually quite a

53
00:03:03,560 --> 00:03:06,639
Speaker 3: lot when you consider there's about twenty six million Australians

54
00:03:07,160 --> 00:03:10,040
Speaker 3: and almost all of them have had some of their

55
00:03:10,120 --> 00:03:12,520
Speaker 3: data exposed from the information that we know so far,

56
00:03:12,800 --> 00:03:14,960
Speaker 3: so it won't be a surprise that that makes this

57
00:03:15,040 --> 00:03:17,800
Speaker 3: one of the biggest hacks in Australian history.

58
00:03:18,240 --> 00:03:21,280
Speaker 2: It is a story that somehow gets worse at every turn.

59
00:03:22,080 --> 00:03:24,720
Speaker 2: What do we know about how the hack occurred, because,

60
00:03:24,760 --> 00:03:26,840
Speaker 2: as you said, it happened, or at least we found

61
00:03:26,840 --> 00:03:29,960
Speaker 2: out about it on a public holiday, Who carried it out,

62
00:03:30,120 --> 00:03:31,720
Speaker 2: when was it discovered? Tell me everything.

63
00:03:32,240 --> 00:03:35,080
Speaker 3: Okay, I'm going to start with the easiest question first

64
00:03:35,080 --> 00:03:38,120
Speaker 3: of how this started. So Optis discovered and stopped the

65
00:03:38,240 --> 00:03:42,600
Speaker 3: hack on Wednesday afternoon last week when their cybersecurity team

66
00:03:42,800 --> 00:03:46,840
Speaker 3: noticed suspicious activity with their customer data. And so I

67
00:03:46,840 --> 00:03:49,480
Speaker 3: think one of the big questions we've had is obviously

68
00:03:49,600 --> 00:03:53,200
Speaker 3: who carried out this hack? And that is a lot

69
00:03:53,280 --> 00:03:56,040
Speaker 3: more blurry. So we know that earlier this week, a

70
00:03:56,240 --> 00:03:59,920
Speaker 3: hacker going by the username of Optis data posted to

71
00:04:00,200 --> 00:04:03,120
Speaker 3: forum taking credit for the hack, but we don't know

72
00:04:03,400 --> 00:04:05,720
Speaker 3: anything else about them. All we know is they use name,

73
00:04:06,040 --> 00:04:08,960
Speaker 3: and it's been speculated that they might have been acting

74
00:04:08,960 --> 00:04:11,840
Speaker 3: on behalf of someone else. I mean, obviously that's a pseudonym,

75
00:04:11,920 --> 00:04:14,120
Speaker 3: so we don't know who this is. But at this stage,

76
00:04:14,280 --> 00:04:15,560
Speaker 3: that's basically.

77
00:04:15,080 --> 00:04:15,600
Speaker 2: All we know.

78
00:04:16,080 --> 00:04:19,520
Speaker 3: When that forum post appeared, it was accompanied by the

79
00:04:19,560 --> 00:04:23,080
Speaker 3: personal data of about ten thousand Optis customers, so it

80
00:04:23,160 --> 00:04:26,320
Speaker 3: was basically them confirming that they do have these details,

81
00:04:27,160 --> 00:04:30,520
Speaker 3: and that included details like medicare numbers, which Optis had

82
00:04:30,560 --> 00:04:33,480
Speaker 3: previously said wasn't actually included in the hack. So we've

83
00:04:33,520 --> 00:04:37,320
Speaker 3: since realized that Medicare numbers were that data has now

84
00:04:37,360 --> 00:04:39,719
Speaker 3: allegedly been deleted by the hacker.

85
00:04:40,279 --> 00:04:43,960
Speaker 2: Okay, so that really shows how much this situation is evolving.

86
00:04:44,040 --> 00:04:48,880
Speaker 2: I guess what data has optis conclusively said was exposed.

87
00:04:49,000 --> 00:04:52,440
Speaker 3: Yeah, we're really finding out new information basically every day.

88
00:04:52,680 --> 00:04:54,159
Speaker 3: I have a list in front of me of what

89
00:04:54,200 --> 00:04:57,880
Speaker 3: optis said was initially included. So it was customers names,

90
00:04:58,160 --> 00:05:01,760
Speaker 3: dates of birth phone numbers, and email addresses, and then

91
00:05:01,800 --> 00:05:06,560
Speaker 3: for some customers it also included addresses, ID document numbers

92
00:05:06,560 --> 00:05:09,599
Speaker 3: such as driver's licenses and also passport numbers.

93
00:05:10,120 --> 00:05:12,440
Speaker 2: It is so concerning to hear you read it out

94
00:05:12,520 --> 00:05:15,839
Speaker 2: like that. It just really distills how much information we

95
00:05:15,960 --> 00:05:18,919
Speaker 2: believe has been taken. That is a lot of detail

96
00:05:18,960 --> 00:05:20,200
Speaker 2: about someone's identity.

97
00:05:20,640 --> 00:05:25,320
Speaker 3: Yeah. Interestingly, TDA spoke to a cybersecurity expert yesterday, Catherine

98
00:05:25,360 --> 00:05:28,040
Speaker 3: Manstead from A and U, and she said that it's

99
00:05:28,040 --> 00:05:30,760
Speaker 3: pretty much everything you'd need to put together one hundred

100
00:05:30,800 --> 00:05:33,239
Speaker 3: points of ID and that means that you could basically

101
00:05:33,240 --> 00:05:37,800
Speaker 3: spoof someone's identity with all of those identification details, which

102
00:05:37,800 --> 00:05:40,600
Speaker 3: I think is what makes this hack so dangerous. How

103
00:05:40,640 --> 00:05:44,520
Speaker 3: much detail was exposed Another thing that she pointed out

104
00:05:44,560 --> 00:05:47,239
Speaker 3: to us was that this hack is of a serious

105
00:05:47,279 --> 00:05:50,320
Speaker 3: concern to someone who might be leaving a violent relationship

106
00:05:50,720 --> 00:05:54,040
Speaker 3: or who has had experiences with stalking in the past.

107
00:05:54,200 --> 00:05:57,120
Speaker 3: You know, having their data available online could literally be

108
00:05:57,400 --> 00:05:58,840
Speaker 3: life threatening for some people.

109
00:05:59,160 --> 00:06:02,280
Speaker 2: It really could. And I mean the list of concerns

110
00:06:02,360 --> 00:06:06,839
Speaker 2: goes on. How has Optus responded to this well.

111
00:06:06,839 --> 00:06:10,240
Speaker 3: OPTA CEO Kelly Beyer Rosmarin has been in the media,

112
00:06:10,320 --> 00:06:12,839
Speaker 3: as you can imagine, a fair bit in the past week.

113
00:06:13,040 --> 00:06:16,840
Speaker 3: She started off by describing the hack as quite sophisticated,

114
00:06:16,960 --> 00:06:20,120
Speaker 3: which has been largely disputed in the days since, but

115
00:06:20,240 --> 00:06:23,040
Speaker 3: one of her most quoted lines from the last week

116
00:06:23,240 --> 00:06:27,159
Speaker 3: was that quote, most customers understand that we and she's

117
00:06:27,160 --> 00:06:30,040
Speaker 3: referring to Optics there are not the villains. But as

118
00:06:30,040 --> 00:06:31,760
Speaker 3: I said, this has turned out to be quite a

119
00:06:31,760 --> 00:06:35,000
Speaker 3: contentious point. The government has a slightly different view on

120
00:06:35,000 --> 00:06:35,880
Speaker 3: the whole situation.

121
00:06:36,360 --> 00:06:40,200
Speaker 2: They do, and the Minister for Cybersecurity has not really

122
00:06:40,240 --> 00:06:42,960
Speaker 2: held back in this arena at all. Can you talk

123
00:06:43,000 --> 00:06:44,520
Speaker 2: me through what Clara O'Neil has said.

124
00:06:44,839 --> 00:06:47,000
Speaker 3: Yeah, so, Clara O'Neil, as you said, she is the

125
00:06:47,040 --> 00:06:50,600
Speaker 3: Minister for Cybersecurity in Australia, and she has made a

126
00:06:50,600 --> 00:06:54,800
Speaker 3: few statements certainly unambiguous about how she's feeling about this situation.

127
00:06:55,200 --> 00:06:58,799
Speaker 3: She's really challenged Rosmarin's claim that this was a sophisticated hack,

128
00:06:59,240 --> 00:07:01,680
Speaker 3: and she's described as quite a basic hack. And she

129
00:07:01,720 --> 00:07:04,000
Speaker 3: went on to say that Optis has effectively left the

130
00:07:04,040 --> 00:07:06,920
Speaker 3: window open for data to be stolen, so there's certainly

131
00:07:07,080 --> 00:07:09,800
Speaker 3: no questions there about where she's placing the blame. And

132
00:07:09,840 --> 00:07:12,440
Speaker 3: in Question Time this week, remembering it is a sitting

133
00:07:12,440 --> 00:07:15,320
Speaker 3: week at the moment, O'Neil called for Optis to provide

134
00:07:15,440 --> 00:07:18,560
Speaker 3: free credit monitoring to affected customers, which might sound like

135
00:07:18,560 --> 00:07:20,280
Speaker 3: a lot of words, but basically that means that they

136
00:07:20,280 --> 00:07:22,880
Speaker 3: would be able to check if their details were used

137
00:07:22,880 --> 00:07:26,720
Speaker 3: for fordulent transactions going forward, which Optis has now provided.

138
00:07:27,080 --> 00:07:29,680
Speaker 2: We'll be back in just a moment, but first a

139
00:07:29,680 --> 00:07:33,880
Speaker 2: message from our sponsor. Okay, so I want to zoom

140
00:07:34,000 --> 00:07:38,239
Speaker 2: back in on the average Optus customer or previous customer

141
00:07:38,440 --> 00:07:42,320
Speaker 2: like myself, who might be stressing about their personal data

142
00:07:42,360 --> 00:07:45,480
Speaker 2: being stolen. What can you actually do if something like

143
00:07:45,600 --> 00:07:48,160
Speaker 2: your passport number, for example, has been leaked.

144
00:07:48,560 --> 00:07:51,000
Speaker 3: Well, first of all, you'll need to replace anything that's

145
00:07:51,040 --> 00:07:53,800
Speaker 3: been leaked and a lot of those personal documents like

146
00:07:53,880 --> 00:07:57,640
Speaker 3: passports and driver's licenses cost money to replace, and obviously

147
00:07:57,680 --> 00:07:59,880
Speaker 3: the next question is who's going to pay for that.

148
00:08:00,080 --> 00:08:02,560
Speaker 3: So in New South Wales, the state government will give

149
00:08:02,560 --> 00:08:05,360
Speaker 3: you a replacement digital driver's license and has said that

150
00:08:05,440 --> 00:08:08,560
Speaker 3: optis may be held to reimburse the cost of replacing

151
00:08:08,640 --> 00:08:12,400
Speaker 3: your physical license. And then in other states like South Australia,

152
00:08:12,480 --> 00:08:16,120
Speaker 3: Queensland and Victoria they have also said that replacement licenses

153
00:08:16,440 --> 00:08:19,120
Speaker 3: will be reimbursed. And then other states and territories are

154
00:08:19,240 --> 00:08:22,000
Speaker 3: working out agreements as well. And if you want to

155
00:08:22,040 --> 00:08:25,600
Speaker 3: replace your passport right now, you'll be paying out of pocket.

156
00:08:25,600 --> 00:08:28,560
Speaker 3: It looks like at the moment the Australian Passport Offices

157
00:08:28,640 --> 00:08:32,120
Speaker 3: website says, quote, we charge fees to cover the cost

158
00:08:32,200 --> 00:08:36,080
Speaker 3: of a new passport. We weren't responsible for the data breach,

159
00:08:36,720 --> 00:08:40,319
Speaker 3: some shadow ministers, so people from the opposition have released

160
00:08:40,320 --> 00:08:43,600
Speaker 3: a statement calling for the government to issue free replacement

161
00:08:43,640 --> 00:08:46,600
Speaker 3: passports to victims of the breach. So we'll see how

162
00:08:46,679 --> 00:08:48,199
Speaker 3: that plays out in the coming weeks.

163
00:08:48,360 --> 00:08:50,760
Speaker 2: A lot of that sounds like a lot of personal

164
00:08:50,840 --> 00:08:54,960
Speaker 2: responsibility for the individual to take. So are there any

165
00:08:55,000 --> 00:08:58,360
Speaker 2: other steps that people affected by the hack can actually take,

166
00:08:58,440 --> 00:09:01,040
Speaker 2: will there be legal ramaficas for example.

167
00:09:01,280 --> 00:09:04,240
Speaker 3: So there's one big development here on the legal front,

168
00:09:04,360 --> 00:09:07,600
Speaker 3: and that involves Slater and Gordon, and they are a

169
00:09:07,760 --> 00:09:11,239
Speaker 3: huge law firm who really specialize in class action lawsuits,

170
00:09:11,400 --> 00:09:13,640
Speaker 3: which is where a group of people sue a person

171
00:09:13,760 --> 00:09:18,360
Speaker 3: or organization that has harmed them collectively. Now Slater and

172
00:09:18,400 --> 00:09:21,960
Speaker 3: Gordon have announced that they are investigating a potential class

173
00:09:21,960 --> 00:09:25,160
Speaker 3: action lawsuit on behalf of people affected by the breach.

174
00:09:25,200 --> 00:09:28,240
Speaker 3: So that might involve Uzara as a former customer, and

175
00:09:28,480 --> 00:09:31,720
Speaker 3: if successful, that could potentially see off just paying people

176
00:09:31,760 --> 00:09:34,439
Speaker 3: who lost ID documents and data in the hack.

177
00:09:35,080 --> 00:09:38,400
Speaker 2: I mean, for me, it's interesting because I'm pretty sure,

178
00:09:38,600 --> 00:09:40,920
Speaker 2: given that I can't remember, I must have been a

179
00:09:40,960 --> 00:09:44,880
Speaker 2: customer over seven to ten years ago, and so all

180
00:09:44,920 --> 00:09:47,800
Speaker 2: of my personal documents would have actually changed. So that

181
00:09:47,880 --> 00:09:50,679
Speaker 2: puts me in an interesting position where they've taken my data,

182
00:09:50,720 --> 00:09:53,840
Speaker 2: but I don't think that it's actually the most accurate data.

183
00:09:53,679 --> 00:09:55,680
Speaker 3: But probably puts you in a lucky perser.

184
00:09:55,720 --> 00:09:57,640
Speaker 2: I know, and I know that the people many others

185
00:09:57,640 --> 00:10:00,240
Speaker 2: aren't in that position. So it'll be really interesting to

186
00:10:00,280 --> 00:10:03,360
Speaker 2: see how this plays out. It's certainly not looking good

187
00:10:03,360 --> 00:10:06,360
Speaker 2: for Optus, and there's a lot of saving face that's

188
00:10:06,400 --> 00:10:10,120
Speaker 2: going on. It's a very good example of crisis communications

189
00:10:10,160 --> 00:10:13,320
Speaker 2: and how that plays out, certainly in the media too.

190
00:10:13,679 --> 00:10:17,040
Speaker 3: I can imagine a lot of people in PR classes right, Yes, a.

191
00:10:17,080 --> 00:10:20,760
Speaker 2: Lot, a lot. Thank you for joining us on the

192
00:10:20,840 --> 00:10:23,960
Speaker 2: Daily OZ. If you learned something from today's episode, don't

193
00:10:24,000 --> 00:10:26,720
Speaker 2: forget to hit subscribe so that there is a TDA

194
00:10:26,880 --> 00:10:29,640
Speaker 2: episode waiting for you every weekday morning. We'll be back

195
00:10:29,640 --> 00:10:35,520
Speaker 2: again tomorrow, but until then, have a fabulous Thursday.