Singtel subsidiary hacked weeks after major Optus security breach

In a statement issued by Singtel, Dialog discovered the breach on 7 October, but the cyber attack took place 10 September. Singtel's Australian-based IT firm stressed that a "very small sample" of its data had been published on the dark web.

Dialog clients include major companies like National Australia Bank, airline Virgin Australia, and several state and federal government departments, according to its website. According to Bloomberg, Singtel, NCS, acquired Dialog in March for AU$325 million ($207 million).

"We are doing our utmost to address the situation and, as a precaution, we are actively engaging with potentially impacted stakeholders to share information, support and advice," Dialog's statement outlined.

Optus, Australia's second-largest telco and subsidiary of Singtel, disclosed a vast security breach last month that had exposed details of 9.8 million former and current customers. Described as one of the country's largest data hacks, concerns were high about wide-scale financial fraud as two million people had identity document numbers compromised.

With Optus already paying for replacement drivers' licences and passports, and total costs including bills and fines estimated to stretch into hundreds of millions of dollars, the hacks are set to become an expensive lapse for the Singapore company.

The Dialog hack has also raised questions about cyber security at the broader group, according to Bloomberg, due to the timeliness of breach disclosures, and whether the Singapore parent company is being deliberately targeted.

According to Singtel, however, there's no evidence that that the Dialog data breach is linked in any way to the recent Optus hack.

VIEW ALL

As threats continue to increase, the Singtel subsidiary hacks have indicated that Australian cyber companies must work together, ParaFlare strategic adviser, Major General (ret'd) Dr Marcus Thompson has noted in order to educate individuals and businesses on how to protect themselves.

"I’d like to see greater collaboration between cyber companies on the emerging threats, and a joint effort to educate Australians before we see the cyber Pearl Harbour security specialists have long talked about.

"Australians are lacking the education and resilience other countries, such as Estonia, have developed out of necessity as a result of major cyber attacks.

"Right now, Australians are confused, and vulnerable," Dr Thompson said.

As one of the country’s leading cyber security strategists, Dr Thompson has called for a consistent approach to cyber security, while speaking at Land Forces International Land Defence Exposition 2022 in Brisbane.

“We need a consistent approach to information shared with the public, and an agreement on the actions we all take, following a large-scale breach — such as Optus.

"A national cyber security summit, with lessons learned from major data breaches, would be a good start," Dr Thompson added.

"In the last few weeks, we’ve seen Optus, Telstra, and Defence targeted by cyber criminals and possibly nation state actors."

Major data breaches offer valuable lessons that need to be put into practice, Dr Thompson noted, and communication is key.

"Australian businesses are vulnerable right now.

"I’ve talked to many companies, and there’s a lot of soul searching happening in boards across the country in the wake of the Optus data breach.

"Every executive knows it could easily have happened to their business," Dr Thompson said.

Data protection law reform

The Optus breach would "be the pivotal moment that leads to privacy law regulation in Australia", according to Hall & Wilcox partner and head of cyber Eden Winokur in an interview with Cyber Security Connect's sister brand, Lawyers Weekly.

With reforms set to bolster privacy regulation and data protection laws, following the Singtel hacks exposing the personal information of millions of Optus customers. It serves as a timely reminder that many small and medium-sized enterprises (SMEs), including law firms, are "sitting ducks" when it comes to such attacks.

The Optus data breach has already resulted in two class action investigations and has been described by one national plaintiff firm as "potentially the most serious privacy breach in Australian history".

As Attorney-General Mark Dreyfus KC noted back in June, the Albanese government intends to move on reforms to privacy law during this term of Parliament and that "sweeping reforms are needed" to the Privacy Act in order to ensure that the legislation is fit for purpose in the digital age.

"Although privacy reform has been on the agenda for some time, this will likely be the landmark moment where Australia’s privacy data protection laws are changed — and this will drastically impact the Australian corporate sector," Winokur said.

With the government in support for reform, Dr Thompson has urged every Australian business to have a plan as cyber attacks continue to rise.

"When a cyber security breach happens, good communication with customers, staff, shareholders, and stakeholders at every stage is essential.

"Every Australian business should be reviewing their incident response plan, and testing what they would do — and how they would operate — in the event of a cyber attack or data breach.

"Don’t test your incident response plan in the middle of a cyber attack.

"The threats will continue to increase, and we will continue to be a target," Dr Thompson concluded.

[Related: SMEs should be on high alert for cyber threats]

Nastasha Tupas

Nastasha is a Journalist at Momentum Media, she reports extensively across veterans affairs, cyber security and geopolitics in the Indo-Pacific. She is a co-author of a book titled The Stories Women Journalists Tell, published by Penguin Random House. Previously, she was a Content Producer at Verizon Media, a Digital Producer for Yahoo! and Channel 7, a Digital Journalist at Sky News Australia, as well as a Website Manager and Digital Producer at SBS Australia. Nastasha started her career in media as a Video Producer and Digital News Presenter at News Corp Australia.