Mark Newton@NewtonMark@eigenmagic.net
Three years after Optus published their customer database on one of their websites, OAIC is finally getting around to suing them.
No rush.
https://www.9news.com.au/national/optus-australia-aic/428db1f0-25d0-4b91-a755-2956ba853e67
Very important to be clear-headed about the difference between Optus’ rhetoric and what actually happened.
They made their customer database available on an unauthenticated API on a public website. It was barely a “hack” when nefarious individuals started making calls against that API and downloaded all their customer data.
To call it a “hack” is to shift culpability from where it belongs (Optus) to unknown actors out on the internet. Can’t do anything about it, it’s just in the air. Those dastardly hackers.
Nobody could have downloaded that PII if Optus didn’t publish it. Grown-up companies with professional leadership have safeguards against that kind of thing.
Optus didn’t.