Today host Karl Stefanovic has blasted the response from Optus after as many as 10 millions customers were impacted by a massive data breach.
News of the breach broke on Thursday, with Optus admitting current and former customers may have had private information stolen, including passport and driver's licence details.
On Friday, Stefanovic discussed the breach with Australian Consumer and Competition Commission deputy chair Delia Rickard.
He said he was "flabbergasted" at the telco's delayed response in light of the breach, where customers were not directly told about it.
"I can't fathom why it took more than 24 hours for this company to even notify customers and then they come out, their PR is as weak as it gets," he said.
Ms Rickard told the Today show the breach was particularly concerning given the nature of the personal data fraudsters might be able to access.
Criminals may have access to people's names, addresses, emails and in some cases passports and driver's licence details.
"These are all the things that you need for identity theft, and also all the things you need to personalise a scam, and make it much more convincing," she said
Optus said users' payment details and account passwords had not been compromised, and it was working with the Australian Cyber Security Centre to limit the risk to both current and former customers.
What Optus customers should do
In the wake of the breach, there are a few things Optus customers can do to ensure they are not compromised.
Scamwatch has advised Optus customers to secure their personal information by changing online account passwords.
Rickard said people should ensure all their devices are secure and that they have two-factor authentication for their banking. Get a ban on your credit records if you suspect fraud.
People should also check their accounts regularly to watch for any purchases they did not make.
Scams might be extra convincing given how much data is potentially out there for so many people, so people need to be extra sceptical if they receive calls from someone saying they're from the bank, for example.
"They'll know your name, they'll know your age, they'll be able to personalise scams," she said.
"We know that when somebody calls you and has your name and has a few details, you're much more likely to trust them. So I think to be highly sceptical as well."
Optus CEO says company is 'devastated'
Optus CEO Kelly Bayer Rosmarin said in a statement on Thursday the company was "devastated" there had been a breach.
"As soon as we knew, we took action to block the attack and began an immediate investigation," she said.
"While not everyone may be affected and our investigation is not yet complete, we want all of our customers to be aware of what has happened as soon as possible so that they can increase their vigilance.
"We are very sorry and understand customers will be concerned. Please be assured that we are working hard, and engaging with all the relevant authorities and organisations, to help safeguard our customers as much as possible."
Do you have a story tip? Email: email@example.com.