SINGAPORE - Singtel said on Monday that media reports citing potential fines or costs from the massive cyber breach that affected nearly 10 million accounts of its Australian unit Optus are "speculative" and the company is still making its own assessment.
"Singtel is continuing to evaluate the potential financial implications arising from this matter and any material development will be disclosed to the market on a timely basis," it said in a Singapore Exchange filing.
Singtel added: "While no legal notice of a class action has been received, lawyers have been engaged to advise. Any class action will be vigorously defended, if commenced."
At least two major law firms, Slater & Gordon and Maurice Blackburn, have said they are investigating a possible class action against Optus to claim compensation for people affected by the breach, Reuters reported.
Up to 9.8 million Australians were said to have had their personal data compromised in the breach, with three million or so having identity documents like passports or driving licences exposed, and 37,000 their Medicare cards.
The Sydney Morning Herald estimated last week that it could cost Optus up to A$661 million (S$610 million) to replace all three documents for those affected. Bloomberg reported that the data breach could cost Singtel between US$420 million (S$602 million) and US$560 million, wiping out more than a quarter of its annual profit.
In its Monday statement, Singtel said media reports citing potential fines or costs are "speculative at this juncture" and "advises that they should not be relied upon".
It also announced that Optus has appointed Deloitte to conduct an independent external review of the recent cyber attacks, and its security systems, controls and processes.
The review, which was recommended by Optus chief executive officer Kelly Bayer Rosmarin, was supported unanimously by the Singtel board, "which has been closely monitoring the situation with management since the incident came to light", Optus said.
As part of the review, Deloitte will undertake a forensic assessment of the cyber attack and the circumstances surrounding it.
Singtel shares were down two cents, or 0.75 per cent, at $2.64 as at 10.27am on Monday, after the release of its statement.
On Sunday, the Australian government dished out its harshest criticism yet against Optus, and blamed the telco for the breach that reportedly affected 40 per cent of the population.
It urged the company to speed up its notification to 10,200 customers whose personal information was released, with Home Affairs Minister Clare O'Neil saying in a televised news conference that it is important that Australians take as many precautions as they can to protect themselves from financial crime.
Optus said on Sunday that it was working closely with federal and state government agencies to determine which customers need to take any action, but was still seeking further advice on the status of customers whose details had expired.
The company also ran a full-page apology in major Australian newspapers last Saturday. An unidentified person later posted online that the hackers had released personal details of 10,000 Optus customers and would keep doing so daily until they received US$1 million.
The Australian police's operations to find the person or people behind the breach at Optus is “progressing well”, Ms O'Neil said. The police will provide an update this week.