In its second comment on the breach at its Australian subsidiary, Optus, Singapore Telecommunications (Singtel) said that while assessing the potential costs, “media reports of potential fines or costs associated with the incident were premature”.
In a filing on the SGX, the company said it has engaged lawyers for “advice” and that “any class action will be vigorously defended if commenced”.
A Reuters report said at least two major law firms, Slater & Gordon and Maurice Blackburn, are investigating possible class actions against Optus to claim compensation for people affected by the breach.
According to initial reports, about 2.8 million customers had their personal details exposed in the attack.
Last week, an unidentified forum user posted online the personal details of 10,200 Optus customers.
The Australian government has urged customers who have been notified of that breach to cancel passports and other identification documents that may have been exposed.
The Singtel statement said Optus was “working closely with identity document issuing authorities to ascertain the appropriate next steps for customers”.
Singtel is continuing to evaluate the potential financial implications arising from this matter and any material development will be disclosed to the market on a timely basis, the statement added.
The Singapore telco said Optus was appointing Deloitte, with the support of the Singtel Board, to undertake an independent review of its cyber security systems.
As part of the review, Deloitte will undertake a forensic assessment of the cyberattack and the circumstances surrounding it.
Optus CEO Kelly Bayer Rosmarin, said the forensic review would play a "crucial role in the response to the incident for Optus, as it works to support customers".
She added that Deloitte’s global specialists will work with the Singtel and Optus teams and other international cyber experts.
"We will continue also to engage with relevant stakeholders".
