OPTUS

[Booney]

Beleaguered telco Optus has been slugged with a whopping $100m fine for exploiting hundreds of vulnerable Australians through what a court has described as “predatory” and “appalling” conduct.

The penalty was handed down in the Federal Court on Wednesday afternoon.

Between 2019 and 2023, the telco pushed sales on 400 vulnerable Australians by selling them products they did not want or need, or could not use or afford.

Many impacted were Indigenous Australians from regional and remote parts of the country.

Some lived with a mental disability, diminished cognitive capacity or learning difficulties, were financially dependent or unemployed and possessed limited financial literacy.

After the Australian Competition and Consumer Competition (ACCC) took Optus to court, the company admitted to the breach and agreed to the proposed penalty.

[Booney]

Optus chief executive Stephen Rue has blamed human error by his own tech and call centre staff for the failure to connect emergency calls that’s now linked to three deaths across South and West Australia last week.

Speaking at the telco’s North Sydney headquarters on Tuesday, Mr Rue dismissed politicians’ calls for his resignation after more than 600 calls to emergency services went unconnected due to a faulty systems upgrade that he suggested was not his responsibility.

“This is not about me,” he told a media conference in response to a question about his resignation.

“What we have here is lives that have been lost. What we have is a failure of triple-0, what we have is a process in call centres that’s not been followed. So what this is about is ensuring we have the facts, ensuring those facts are shared, and ensuring that what comes out of those facts is implemented.”

Three deaths

The telco chief who has been in the role since November 2024 said the network failed to connect because the first part of a three-stage process to upgrade a firewall failed due to unspecified staff members incorrectly following instructions.

“The process was not followed,” he said. “It should be reiterated the issue occurred because there was a deviation in the established process and it will determine why triple-0 calls did not divert.”

The telco chief executive added he had contacted police in Western and South Australia to ask if they felt it was appropriate for him to communicate with the family members of two dead Perth men, aged 74 and 49, and a 68-year-old woman in Adelaide.

“If the advice is it’s appropriate for me to reach out, it is my desire to do,” he said.

Independent review

On Tuesday Optus also announced it has appointed Kerry Schott AO to lead an Independent Review into the September 18 outage. The Independent Review is expected to be completed before the end of the year.

Mr Rue insisted the failings are not linked to insufficient investment into the Optus network in Australia and said Singapore-based owner Singtel had invested $9.3 billion into the business over the past five years.

“This is not an investment issue, this is people not following processes,” said Mr Rue of the telco’s failure to connect calls and escalate customers’ complaints that the calls were not being connected.

[Trader]

Been a good week for them.

[dedja]

Optus has repeated made many and the same mistakes over numerous incidents.

This sums it up perfectly:

One of the nation’s worst corporate failures began at 12:17am on Thursday when Optus launched a botched firewall upgrade in South Australia, locking out calls to triple-0 across the state, as well as Western Australia, Northern Territory and border regions in NSW.

But, Optus did not discover the severity of the problem until 1:30pm – 13 hours later – despite other telcos adopting routine procedures to spot red flags during software upgrades.

Australian telcos perform a couple of thousand changes in their network each week. With such a large volume, the propensity for things going wrong is high.

But, other carriers perform arrange of manual checks to ensure that the network is functioning as it should during upgrades, with triple-0 high on the list.

Optus has performed poorly in communicating the incident, were negligent in testing a scheduled change, did not react appropriately when they were alerted to issues, and show no sign of changing despite the prospect of further regulatory penalties.

The current CEO is trying to be transparent but is still falling well short of what is expected. The company has systemic issues that need to be addressed to minimise re-occurrence. The tech industry is no different to many others, it cannot guarantee 100% uptime and performance, but as long as effort is made to minimise such incidents, along with the testing and safety checks that are the norm, these incidents should be very rare and far between.

To be fair, other Telcos have also fallen short, but not in the repeated nature of Optus.

They survived previous incidents and were able to somehow mange the fallout, and together with a poor regulatory oversight and penalties, Optus will unfortunately weather this one as well.

[dedja]

Regarding the so-called Optus ‘Cyber attack’ in 2022, they weren’t hacked, but rather left the front door wide open for anyone with some reasonable tech skills to easily access the data that was left exposed.

How do I know? I was (and still am) an Optus customer, and was in FNQ when that 2022 incident was made public. I was easily able to find an open API online which I ran to extract my data from Optus. This enabled to me understand the nature of my data that was exposed.

The ‘Cyber attack’ involved running that same API for multiple customers; there was no security on it, no challenge, no nothing. As long as you had the API it would have been relatively easy to run a script to extract data for as many customers as you were willing to extract.

The fact that that API wasn’t locked down immediately after the incident, and was freely available online if you knew where to look, tells you everything about the way Optus operates.

The good thing for me was that I was able to identify my Driver’s Licence as the key ID document that was compromised, and was able to cancel and get a new one upon returning home. The SA govt made it an easy process, whilst other States failed miserably to assist those who were affected.

My passport wasn’t compromised, but I feel for those who had and the difficulty and expense they had to endure to replace theirs.

I know what you’re thinking, why am I still an Optus customer? Well, whatever data was breached in 2022 was easily managed (for me), and I’ve been able to get my mobile services (that's all I have with them) much cheaper than the other major Telcos. After dealing with Telstra for decades, both in a business and personal capacity, nothing Optus has done comes even remotely close to the way Telstra gouged and tortured their customers.

Also worth noting that I dealt with Optus in a business capacity a couple of years ago, and most of the people I was dealing with have been since retrenched. They are good people, so a massive cost cutting exercise.