Optus has suffered a massive cyber-attack, with customers’ personal details including names, dates of birth, addresses and contact details stolen.
The telecom suffered a data breach when hackers, believed to be working for a criminal or state-sponsored organization, accessed sensitive information by breaking through the company’s firewall.
The Australian Cyber Security Center is working with Optus to lock down its systems, secure all data from further breaches and track attackers. The Australian Federal Police and the Office of the Australian Information Commissioner have also been notified.
Optus has 9.7 million subscribers, according to publicly available data, but the company said it was still assessing the extent of the data breach.
The company confirmed information that may have been exposed included Optus customers’ names, dates of birth, phone numbers, email addresses and, for a group of customers, physical addresses and ID numbers such as driving license or passport numbers.
Optus said payment details and account passwords were not compromised, and services including mobile phones and home internet were not affected.
The company insisted that voice calls were not compromised and that Optus services remained safe to use and operate.
“We are horrified to discover that we have been subject to a cyber-attack which has resulted in our customers’ personal information being exposed to someone who should not be able to see it,” said Optus CEO Kelly Bayer Rosmarin.
“As soon as we found out, we took action to block the attack and immediately started an investigation. While not everyone may be affected and our investigation is not yet complete, we want all of our customers to be aware of what happened as soon as possible so they can increase their vigilance.
“We are very sorry and understand that customers will be concerned. Please be assured that we are working hard and cooperating with all relevant authorities and organizations to protect our customers as much as possible.
Sign up to Guardian Australia’s Morning Mail
Our Australian Morning Email Brief breaks down the key national and international stories of the day and why they matter
Privacy Notice: Newsletters may contain information about charities, online advertisements and content funded by external parties. For more information, see our Privacy Policy. We use Google reCaptcha to protect our website and the Google Privacy Policy and Terms of Use apply.
“Optus has also informed key financial institutions about this matter,” Bayer Rosmarin said.
“While we are not aware that customers have suffered any harm, we encourage customers to increase awareness of their accounts, including looking for unusual or fraudulent activity and any notifications that appear strange or suspicious.”
Home Affairs Minister Clare O’Neil said the Australian Cyber Security Center provides cyber security advice and technical assistance to Optus, and Australian companies and organizations are constantly targeted by cyber-attacks by cyber criminals and hostile nations.
“The Australian Signals Directorate’s (ASD) Australian Cyber Security Center (ACSC) has seen widespread targeting of Australians and Australian organizations through the rapid exploitation of technical vulnerabilities by state actors and cybercriminals seeking to exploit weaknesses and steal sensitive data.”
Comments are closed.