Singapore Telecommunications Ltd. could lose more than a quarter of its annual profit if it has to pay to protect its customers from one of Australia’s worst data breaches. SingTel’s mobile phone business in Australia, Optus, said last week that hackers got into the personal information of as many as 9.8 million customers.
That’s more than a third of the population. The government says that about 2.8 million of them lost information from passports, driver’s licenses, or government-issued medical ID cards. This raised concerns about large-scale identity fraud.
One week after the hack was made public, the size of the problem and the possible costs to Optus are getting bigger. Prime Minister Anthony Albanese said the company should pay for new passports, and the biggest states in Australia said Optus would pay for new driver’s licenses. Because of the breach, the government also plans to make laws about cybersecurity stricter.
Cyberattacks have become more common around the world. In more than a decade, at least 11.43 billion customer records from more than 200 companies have been made public. The Optus hack is being looked into by the Australian police and the Federal Bureau of Investigation in the US. Clare O’Neil, Australia’s Minister for Home Affairs and Cyber Security, said on Wednesday that the attack was “a big wake-up call” for business in Australia.
Latest Insights: Square Launches Tap To Pay On iPhone Support: Here’s How It Works
Ajay Unni, CEO and founder of the cybersecurity consulting firm StickmanCyber, said that each lost customer record costs a company that has been hacked $150 to $200 on average. This includes the cost of pay, legal fees, and public relations campaigns. “Some groups end up spending twice as much as that,” he said
“If that was only done for the 2.8 million Optus customers who were hurt the most, it would cost between $420 million and $560 million. SingTel, which owns Optus, made $1.44 billion in profit in the year ending in March.”
Unni says that Optus is also likely to spend money on training and making security tighter. At the same time, the Australian law firm Slater & Gordon Ltd. is looking into a class action against Optus and says it has received tens of thousands of registrations.
Do you know that Apple Says Hackers May Have Exploited Security Flaws on iPhones Ipad And Macs.
It’s hard to break down the costs of Optus. It has given the customers who have hurt the most a free 12-month subscription to Equifax, a service that checks your credit and protects your identity. That costs $14.95 a month, so if 2.8 million customers took advantage of the offer, it could theoretically cost $502 million ($326 million). Passports are the most expensive of the exposed IDs, but it’s not clear how many of them have been stolen. The cost of a replacement is $193.
Optus didn’t answer an email asking for a comment on possible costs or the estimate of between $420 million and $560 million. The company has said it’s sorry about the data leak. It said late Wednesday that 36,900 medical identification numbers were among the records that were exposed.
“The Australian government should have more power to make sure private companies follow cybersecurity laws,” O’Neil said. “That’s something I’ll try to do in the wake of the attack.”