Optus, one of Australia’s largest providers of telecom services, has suffered a data breach that has exposed sensitive information about its customers, the company has confirmed.
In an official announcement, Optus said it began investigating “possible unauthorized access” to current and former customer information following the cyberattack.
Whoever was behind the attack stole a large amount of sensitive identity information from the company’s endpoints, including customer names, dates of birth, phone numbers, and email addresses. Physical addresses, ID document numbers such as driver’s license or passport numbers were also disclosed for some customers. However, payment details and account passwords are secure.
Optus did not disclose who was behind the attack, what the attacker’s motives were, or how the systems were compromised (e.g., through phishing or malware). It was said that it was possible to call off the attack immediately.
It also declined to say how many customers could be affected by the breach, but given its user base, the number could be as high as around 10 million people.
Critical business services such as mobile connectivity, home internet, messaging or voice calls were not impacted. “Optus services can continue to be used securely and operated as usual,” affirms the announcement.
Since the attack, Optus has engaged the Australian Cyber Security Center to mitigate any risks to customers. The Australian Federal Police, the Australian Information Commissioner’s Office and “key regulators” were also notified of the attack.
“We are devastated to discover that we have been subjected to a cyberattack that resulted in our customers’ personal information being leaked to someone who should not see it,” said Kelly Bayer Rosemary, CEO of Optus.
“As soon as we knew, we took action to block the attack and launched an immediate investigation. While not everyone may be affected and our investigation is ongoing, we want all our customers to know what happened as soon as possible so they can increase their vigilance. We are very sorry and understand that customers will be concerned. Please rest assured that we are working hard and collaborating with all relevant authorities and organizations to protect our customers as best we can.”
Via: TechCrunch (opens in new tab)
https://www.techradar.com/news/optus-confirms-customer-data-breach-says-passport-data-may-be-affected Optus confirms customer data breach, says passport data may be affected