Customers’ personal data stolen as Optus faces massive cyber attack | Optus

Optus has suffered a massive cyber attack in which personal information about customers has been stolen, including names, dates of birth, addresses and contact details.

The telco suffered the data breach when hackers believed to be working for a criminal or state-sponsored organization gained access to the sensitive information by breaking through the company’s firewall.

The Australian Cyber Security Center is working with Optus to lock down their systems, secure data against further breaches and track down the attackers. The Australian Federal Police and the Office of the Australian Information Commissioner have also been notified.

Optus has 9.7 million subscribers, according to publicly available data, but the company said it was still assessing the size of the data breach.

The company confirmed information that may have been disclosed included Optus customers’ names, dates of birth, phone numbers, email addresses and, for a group of customers, physical addresses and identification document numbers such as driving license or passport numbers.

Optus said payment details and account passwords have not been compromised and services including mobile phones and home internet were not affected.

The company insisted that voice calls had not been compromised and that Optus services remained safe to use and operate.

“We are devastated to discover that we have been subject to a cyber attack that has resulted in the disclosure of our customers’ personal information to someone who should not see it,” said Optus CEO Kelly Bayer Rosmarin.

“As soon as we knew, we took action to block the attack and began an immediate investigation. While not everyone may be affected and our investigation is not yet complete, we want all of our customers to be aware of what has happened, as soon as possible, so that they can increase their vigilance.

“We are very sorry and understand that customers will be concerned. Please be assured that we are working hard and cooperating with all relevant authorities and organizations to help protect our customers as much as possible.

“Optus has also notified key financial institutions of this matter,” Bayer Rosmarin said.

“While we are not aware of any harm to customers, we encourage customers to exercise increased awareness across their accounts, including keeping an eye out for unusual or fraudulent activity and any notifications that seem strange or suspicious.”

Home Affairs Minister Clare O’Neil said the Australian Cyber Security Center provided cyber security advice and technical assistance to Optus and that Australian businesses and organizations were consistently targeted by cyber attacks by cyber criminals and hostile nations.

“The Australian Signals Directorate’s (ASD) Australian Cyber Security Center (ACSC) has seen widespread targeting of Australians and Australian organizations through the rapid exploitation of technical vulnerabilities by state actors and cybercriminals seeking to exploit weaknesses and steal sensitive data.”

The Office of the Australian Information Commissioner issued a statement late Thursday saying it was working with Optus “to ensure compliance with the requirements of the Notifiable Data Breach (NDB) scheme.

“Under the NDB scheme, organizations covered by the Privacy Act must notify affected individuals and the OAIC as soon as possible if they experience a data breach that is likely to result in serious harm to individuals whose personal information is involved,” the OAIC said.

“The NDB scheme ensures that individuals are informed and can take steps to protect themselves from any further risk. Following a breach, individuals should be aware of any suspicious or unexpected activity on their personal accounts or devices.”
