Singtel Sets Aside AUD140mn to Cover Cost of Optus Privacy Breach

The enormous breach of personal data relating to 10 million current and former customers of Australian mobile operator Optus has forced its parent company, Singtel, to make a whopping provision for exceptional costs in the company’s accounts. Singtel’s announcement of results for the first half of their financial year included an allocation of AUD140mn (USD95mn) to clean up the mess left after the breach. Their press release stated there would be a…

…programme of customer actions, including an external independent review, third-party credit monitoring services and the replacement of identification documents where needed.

Yuen Kuan Moon, Group Chief Executive Officer of Singtel (pictured), sought to emphasize how hard the business would fight to restore the reputation of Optus.

We know there is much work to be done to regain the trust and confidence of our customers in Australia in the wake of the cyber attack. We view this matter very seriously as cyber security and the protection of our customers’ information is of critical importance to the Singtel Group. While the cyber attack has regrettably interrupted Optus’ momentum at the end of the first half, we expect Optus to come back stronger.

Nevertheless, the group reported a 1 percent rise in operating revenues for Optus, driven by an increase in prices, a bounce back in roaming following the relaxation of travel restrictions, and improved sales of high-end devices. The business also reported that the number of customers for Optus’ mobile services had risen since the beginning of the financial year. This conflicts with a survey that claimed 10 percent of Optus customers had churned to other networks since the breach.

My guess is that many customers will be upset and state their intention to switch providers after a major privacy breach but rarely follow through in practice. The result is that executives conclude that fundamental changes in their security philosophy are never required. They believe most customers will be satisfied with a short-lived remediation program plus soothing words. The provision made to cover the costs of this breach is not cheap, though it only equates to a one-off hit of AUD14 (USD9.50) per customer. Losing 10 percent of customers would have hurt Optus far more. And yet, our industry still will not learn the lesson that approving the additional spending required to prevent breaches before they occur would be the best way to save money in the long run.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.