Lessons Learned from the Optus Data Breach

Maybe you heard, but Optus, one of Australia’s largest telecoms, was recently the target of a massive data breach. The personal data of about 10 million customers was stolen. However, numbers alone didn’t make the Optus data breach such a massive incident. What did, and what lessons can all companies take away from the Optus data breach?

The Optus data breach

For starters, the very weekend of the hack, an anonymous user published data samples from the hack, demanding USD 1 million.

Soon thereafter, another 10,000 customer records were released.

The user then suddenly apologized and deleted the data sets. The data sets, however, were already out in the public domain.

What’s more, this user contradicted Optus’ assertion that the hack had been a sophisticated attack. Instead, the data had been pulled from an accessible software interface.

This was later corroborated by Australian Cyber Security Minister, Clare O’Neil. In an interview, she replied that the hack hadn’t been sophisticated at all, chiding Optus for “[having] left the window open for data of this nature to be stolen.”

Making matters worse, alongside names, birthdates, home addresses, contacts, passport identifiers, and driver’s license numbers, customer Medicare details had also been stolen. Indeed, almost 37,000 Medicare cards had been affected in the breach.


The lesson to learn is to prepare for an Optus data breach scenario

So, what then should we take away from the incident? You don’t have to just be a big brand to suffer a major reputational blow.

Nor was it just the size and scope of the breach but the company’s own crisis communications that exacerbated the incident.

And those crisis communications bespoke a lack of preparation to deal with such a complex disruption.

Unfortunately, a lack of preparation for complex disruption is becoming the norm in this resilience-challenged day and age.

What are we talking about?

Sure, surveys reveal increased adoption of resilience practices. For instance, over three quarters of organizations reported either having or developing an operational resilience program, according to a BCI survey.

But far from keeping pace with the deteriorating risk climate, the preparations many of these companies have in place remain inadequate.

Resilience practitioners, for their part, are also sounding the alarm, worried that staffers don’t have the requisite knowledge or resources to lead the necessary transition to a more strategic, customer-centric resilience approach.

In the case of the Optus breach, specifically, media sources contend that crisis simulations at Optus focused on the network outage scenario to the detriment of the more complex data breach scenario. That’s even though Optus’ own filings called out cyber security as a significant risk, too, with a major data breach likely to trigger customer backlash, litigation, and fines.

Avoid the Optus data breach scenario by preparing for complex disruptions

What then can be done?

Tackling the complex data breach scenario requires getting serious about foreseeable, complex disruptions, especially those likely to last for long durations.

That requires tackling complex scenarios (whether large data breaches, pandemics, thorny reputational crises, or others) as standalone threats, i.e., by developing dedicated scenario plans for each.

What are the other common-sense organizational resilience arrangements to consider when addressing a possible Optus data breach scenario? Download our guide, Best-Practice Strategies to Maintain Resilience amidst Complex Disruptions, to find out.
