Optus exposes customer’s silent listings

June 15, 2014 |

It would seem that Optus is a bit a jealous of of Telstra hogging all the limelight on the data breach/privacy interference stage for the last 3 years (see my post here, here and here though it has tried to show it was capable of poor data security – see article here).  So, as the Fairfax reports in Optus exposes customers’ silent listings it has managed to not only have a significant data breach of personal information of customer information but that of individuals who really don’t want their information publicised; those with silent numbers.   The very people who specifically ask for their phone details to be kept private have had them published online but also in print editions of the phone book. Those who especially are concerned for their privacy.  Sometimes for exceptionally good reasons, such as personal safety.

According to the story notices were sent out by letter on 2 June but Optus discovered the problem in April.  On the kindest assessment that is at least a 4 week delay.  With no mandatory data breach notification laws Optus doesn’t have to disclose of much of anything to the Privacy Commissioner or clients whose information was the subject of a data breach.  Given the Optus response to enquiries from Fairfax was at best a standard PR anodyne bland statement only hinting at what happened but stressing that “all necessary steps have been taken…” (whatever that means) highlights that a voluntary data breach response is essentially what the the organisation wants it to be. For Optus that means saying very little in bland pro forma (bare) apologies.  The one positive is that customers can change their numbers.

Now under the Privacy Act it is open for the Privacy Commissioner to undertake an own motion investigation and possibly get enforceable undertakings or take other actions. Even though Optus has decided to turn away from the good corporate citizen posture and disclose little to nothing it is clear that there has been a very significant breakdown in data handling practices.  There should have been some appropriate controls on the usage of silent numbers.  As often as not the problem is in the training of staff and the lack of controls.  A lack of privacy protection policies in the operational architecture of the business.  And given the business of Optus is essentially built on data that is a problem.

The article provides:

Optus says it mistakenly released an undisclosed number of customers’ names, mobile numbers and addresses to Sensis, which led to them being published in the White Pages.

The details exposed were of those who requested their number be kept silent, or private.

The telco, which began notifying customers about the issue last week, said it discovered the problem in April and took immediate steps to remove customers’ details from the White Pages online. But it says some customers’ information still appears in print editions of the phone book.

A portion of the letter Optus sent customers

A portion of the letter Optus sent customers

“Optus can confirm that a system configuration error has resulted in the numbers of some pre-paid mobile and mobile broadband customers being incorrectly listed in the White Pages,” the telco said in a statement to Fairfax Media on Friday afternoon. “All necessary steps have been taken to ensure personal information has been removed from online and operator-assisted directory listing services and from all future hard-copy editions of the White Pages.”

Optus refused to disclose to Fairfax how many customers were affected. At least three customers have reported on broadband forum Whirlpool being sent a letter about the issue.

“How incompetent can Optus get!” said one user on the forum.

“I’m a bit stressed that any random can type my name or mobile number and find where I live!”

“Not really good enough to just say ‘we are sorry’,” said another.

Optus said it had now fixed the issue that was causing private details to be sent to Sensis and was arranging a change of mobile number for customers affected, with all fees to do so waived.

“Optus is focused on making things better for our customers, which means being honest and transparent about our mistakes and fixing them when they occur,” the company said.

“Optus apologises to all customers who have been affected by this mistake.

“Customers who wish to change their number or speak directly with Optus about this matter should contact us on 1800 103 941 (Monday to Friday 9am-5pm AEST).”

The issue follows hundreds of thousands of Optus accounts being left vulnerable to phone hacking of voicemails, in a security flaw revealed by an 18-year-old university student.

One Response to “Optus exposes customer’s silent listings”

  1. Optus exposes customer’s silent listings | Australian Law Blogs

    […] Optus exposes customer’s silent listings […]

Leave a Reply

Verified by MonsterInsights