At a glance.
- Optus customers react to massive data breach.
- Does surveillance tech actually improve productivity?
Optus customers react to massive data breach.
As we noted last week, Australian wireless carrier Optus, a subsidiary of Singapore Telecommunications, is contending with a cyberattack that potentially exposed the data of its entire customer base, resulting in one of the largest data breaches in Australian history. 9News reports that over the weekend a ransom note appeared on an online data breach forum in which a user threatened to sell millions of Optus customer details if the company fails to pay $1.53 million within the next week. The Australian Federal Police have responded by launching an investigation to determine the legitimacy of the note, and Optus has declined to comment, stating, "Given the investigation, Optus will not comment on the legitimacy of customer data to be held by third parties and urges all customers to exercise caution in their online transactions and dealings.”
Reuters reports that Optus began notifying customers impacted in the breach on Friday afternoon, about twenty-four hours after the attack was first reported. "We will begin with customers whose ID document number may have been compromised, all of whom will be notified by today. We will notify customers who have had no impacts last,” Optus stated. But, as the Guardian notes, many customers are less than pleased with Optus’ response, and some recipients said they felt the letter was a “condescending” effort at damage control and put all responsibility on the customer to safeguard their data after what many view as Optus’ mistake. SBS News reports that many customers have pledged to stop using the company’s services and demand compensation, with one Twitter user posting, “After over fifteen years of being a loyal @Optus customer, it's finally time for me to switch…They do not deserve business from Australians.” Because Optus retains customer data for up to seven years, many of the individuals potentially impacted by the breach are former customers who are wondering why the company was still in possession of their data at all. Other customers say they have still not been contacted by Optus, leaving them uncertain as to whether their data was compromised. Ten-year Optus customer Chrisy Lekkas told the Sydney Herald, “I haven’t received any information from Optus. It is scary. I am worried about my data.” For customers concerned about how to proceed, Guardian offers advice on determining if they were impacted and what to do next.
Many are looking for someone or something to blame, and Justin Warren, chair of Electronic Frontiers Australia and managing director of PivotNine Consulting, says the breach was the result of a combination of security failures, including Optus’ choice to store sensitive personal data alongside non-sensitive data. Warren noted, “The API endpoint shouldn't have been publicly visible to the internet, it shouldn't have been accessible without any kind of authentication. You shouldn't have been able to traverse it piece by piece for customer-identifying records. You shouldn't be able to do it at the scale that it happened to be able to extract the data outside of the secured environment.” He added that while Optus made mistakes, the government also had a part of play. “Government needs to stop passing laws that require government agencies and corporations to collect private information they can’t keep safe and secure,” he said.
Does surveillance tech actually improve productivity?
ZDNet takes a look at the risks that come with the use of employer surveillance software. As the pandemic forced many employees out of corporate buildings and into home offices, companies increased their use of surveillance tech to keep tabs on workers’ activities and maximize productivity. The fact is that this software offers varying levels of privacy, and proponents argue that such monitoring does little to improve workers’ efficiency. Antonio Aloisi, a professor at the IE University in Madrid and co-author of "Your Boss Is An Algorithm,” recently told the Wall Street Journal, “There is definitely no study pointing out that this increases productivity in any meaningful way.” Some critics argue that an employee’s knowledge that they’re being spied on might actually worsen their ability to complete their job, and the reliance on such software raises questions about an employer’s management skills.