- Optus hires Deloitte to investigate cyberattack
- Optus says 2.1 mln customers may need to replace documents
- Singtel lines up lawyers
MELBOURNE, Oct 3 (Reuters) - Singapore Telecommunications (STEL.SI) said on Monday it was assessing the potential cost of a massive cybersecurity breach at its Optus arm, Australia's second-largest telco, 12 days ago.
In its second comment on the breach of private data from 10 million accounts, Singtel sought to clarify reports it could face a huge compensation bill.
It said it had not received any legal notice of a class action lawsuit but has engaged lawyers to advise it.
"Any class action will be vigorously defended, if commenced," Singtel said in a statement.
The Australian government has blamed Optus for the breach, which affected the equivalent of 40% of Australia's population, saying customers were exposed to financial crime and pressing the company to do more to notify those affected.
Last week, an unidentified person posted online that they had released personal details of 10,000 Optus customers.
"Singtel is continuing to evaluate the potential financial implications arising from this matter and any material development will be disclosed to the market on a timely basis," the company said.
At least two major law firms, Slater & Gordon and Maurice Blackburn, have said they are investigating a possible class action against Optus to seek compensation for people affected by the breach.
Optus on Monday said it had appointed Deloitte to run an independent external review of the cyberattack.
"While our overwhelming focus remains on protecting our customers and minimising the harm that might come from the theft of their information, we are determined to find out what went wrong," Optus Chief Executive Officer Kelly Bayer Rosmarin said in a statement released by Singtel.
Of the 10 million accounts that were breached, 2.1 million customers had had an identity document number exposed where they may need to take action to replace documents, she said in a video message on the company's web site late on Monday.
She said the 10,000 people whose data had briefly been released online had all been informed by the company, and it was working closely with the police to protect them.
"To our knowledge, there is no other release of the information of the customers that have been exposed," Bayer Rosmarin said.
In comments to the Sydney Morning Herald, she said it was too early to describe the nature of the attack, which Home Affairs Minister Clare O'Neil described as "basic" rather than sophisticated.
"There has been no review and no report on the nature of what has occurred," Bayer Rosmarin was quoted as telling the newspaper.
Our Standards: The Thomson Reuters Trust Principles.