Singtel executives fronted a Senate inquiry, categorically denying explosive allegations that a secret ransom was paid to hackers following the massive 2022 Optus data breach that exposed personal information of 9.8 million Australians, amid ongoing inquiry into the telco's operational failures.
Joint advisory by Australian, New Zealand, and Tongan cyber authorities warns of rising INC Ransom attacks on critical infrastructure. The RaaS group has breached 11 Australian organisations, mainly in healthcare and professional services.
Microsoft’s March 2026 Patch Tuesday fixes 83 flaws, including three critical Office vulnerabilities exploitable through the Preview Pane that allow code execution without opening files, and a Copilot-linked Excel bug that could leak data. The ACSC urges immediate patching under the Essential Eight.
Singtel executives fronted a Senate inquiry, categorically denying explosive allegations that a secret ransom was paid to hackers following the massive 2022 Optus data breach that exposed personal information of 9.8 million Australians, amid ongoing inquiry into the telco's operational failures.
Cyber News Centre's cyber update for 13th March 2026: Optus's parent company, Singtel, has fronted a parliamentary inquiry, forcefully denying allegations that it paid a secret ransom to hackers following the catastrophic 2022 data breach.
Optus is Australia's second-largest telecommunications company, providing mobile, internet, and other services to over 11 million customers. It has been a wholly-owned subsidiary of Singaporean telecommunications giant Singtel since 2001.
Update: In a tense Senate committee hearing today, Singtel board directors Gail Kelly and John Arthur unequivocally denied claims that a ransom was paid to the criminals behind the 2022 Optus data breach. The explosive allegation, first reported by The Nightly, suggested senior Australian officials suspected a covert payment was made to prevent the release of 9.8 million customers' data.
The hacker, who initially demanded $1 million, mysteriously withdrew their threats and claimed to have deleted the data. Ms. Kelly told the inquiry,
"Singtel unequivocally, unambiguously says no, no ransom was paid, and similarly, no, no discussion was ever held (by the board) on such a matter."
The executives were appearing as part of a broader inquiry into the September 2025 triple-zero outage, another major operational failure for the telco. The 2022 breach itself stemmed from a simple but critical error: a publicly exposed, unauthenticated API that allowed attackers to scrape customer data unimpeded. The denial of a ransom payment leaves the hacker's sudden change of heart an unresolved mystery, with Ms. Kelly admitting, "We just don't know" why the attacker backed down.
Why it Matters: This public denial under parliamentary privilege puts Singtel's corporate integrity on the line. If evidence of a payment ever surfaced, the reputational and legal fallout would be immense, shattering trust with the Australian public and government.
The allegation itself, reportedly originating from within Australian intelligence circles, highlights a deep-seated mistrust between the government and the foreign-owned critical infrastructure provider. For Australian businesses, this saga is a stark reminder of the lose-lose nature of ransomware. Paying a ransom offers no guarantees and fuels the criminal ecosystem, yet refusing can lead to catastrophic data exposure. The unresolved mystery of the hacker's retreat does little to build confidence in Optus's ability to manage a crisis or be transparent with the public.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
Joint advisory by Australian, New Zealand, and Tongan cyber authorities warns of rising INC Ransom attacks on critical infrastructure. The RaaS group has breached 11 Australian organisations, mainly in healthcare and professional services.
Microsoft’s March 2026 Patch Tuesday fixes 83 flaws, including three critical Office vulnerabilities exploitable through the Preview Pane that allow code execution without opening files, and a Copilot-linked Excel bug that could leak data. The ACSC urges immediate patching under the Essential Eight.
A Western Australian government audit has exposed critical Microsoft 365 security failures across seven state entities, leading to a data breach that leaked information on minors and a separate business email compromise incident resulting in the theft of $71,000 through fraudulent invoices.
Google's March 2026 Android update patches a critical zero-day (CVE-2026-21385) in Qualcomm chips used in hundreds of millions of devices. The flaw, under active exploitation, allows privilege escalation and system compromise, posing a significant risk to users.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
