The vacant chatter of colleagues echoed across the office floor. Nothing unusual for a regular morning, a few minutes shy of nine, as the last of the wanderers – frazzled parents and late‑for‑the‑train folk – hurriedly unpacked their laptops and repositioned their chairs. What was usually a few minutes spent recounting toddler tantrums or complaining about yet another stretch of road being chiselled as part of Victoria’s endless road upgrades was instead replaced with murmurs of the recent admission of a data security breach announced by Optus, Australia’s number two telco.

According to reports, Optus suspected the breach on Tuesday, and by Thursday, they had made a public announcement and begun informing customers.
That’s pretty swift really — just enough time to confirm suspicions, bring executives and boards together for briefing, and ensure the hole these criminals had found was plugged. For a breach so significant, their communications timing was valid. But it didn’t stop media coverage from doubling down on the speed or transparency, or lack thereof, from Optus executives.

It was a sophisticated attack. Those responsible gained unauthorised access to customer names, addresses, dates of birth, phone numbers and, in some cases, personal identification like licences and passport numbers. Yet the chatter around me that day was not “how could this happen?” or “what will they do with my information?” Instead, it was humphs and grumps of general annoyance. References to needing to reshare personal information with the telco or worse, the need to “visit a branch” so their service continued uninterrupted. The breach was monumental, but the everyday frustrations were what people voiced most loudly.

So how does an issue so significant impact the bottom line?

Not much, apparently. Optus reported earnings of A$2.2 billion in FY2025, up from A$2.1 billion in FY2022, the year of the cyberattack, and they remain on track to grow year‑on‑year in FY26.

The reputational impacts, however, are immense. In FY2022, Optus ranked #17 on Roy Morgan’s list of most distrusted brands. By June 2023, they were ranked first, overtaking Facebook/Meta, and they held that title again in 2024. Great if you like awards, not so great if you’re running a multi‑billion‑dollar business with millions of customers relying on you. Distrust lingers long after the initial pain. As customers, we move on, we forgive – but do we forget? Rarely.

Although Optus revenue and earnings have held steady, the lingering effect is customer intolerance. Poor network quality while trying to Snapchat at a party, losing a coworker’s voice during a call in a traffic tunnel, or worse – calling Triple Zero in a life‑or‑death emergency only to hear fatal beeps signalling your call won’t connect, as tragically happened in September 2025. These are the moments that stick. They become the stories we tell each other, the quiet reminders that trust once broken is hard to rebuild.

In highly concentrated markets like telco, energy and insurance – the power dynamic is clear. They lead, we submit. We tolerate basic service in exchange for reasonable prices. [Australia’s data costs per GB are cheaper than the US and UK, and energy costs are broadly similar]. If things work, we get along. But liking the company? That’s another matter.

So what must a multi‑billion‑dollar company do to regain trust? A lot. More than any new entrant. Companies must delight customers, over‑deliver, admit fault, be available, and do what they say. Sounds like the laundry list for a perfect partner – and the making of all great relationships.

None of us are perfect. But can big companies be forgiven if they knuckle down, learn from failings, put others first, and just do better? Optus certainly hopes the answer is a big neon “yes”.

Author: Amelia Collins