Reports suggest up to 2.8 million Australians have been implicated in the cyber security breach, which could have leaked information such as passport and license numbers, email and home addresses, dates of birth and phone numbers.
Payment details and Optus account passwords were not compromised.
The breach involves both former and current customers of Optus.
In a statement, Optus said it “immediately shut down” the attack when it became aware of the breach and the Australian Federal Police has been notified.
“We are devastated to discover that we have been subject to a cyber attack that has resulted in the disclosure of our customers’ personal information to someone who should not see it,” said Kelly Bayer Rosmarin, Optus CEO.
“As soon as we knew, we took steps to block the attack and began an immediate investigation.
“While not everyone may be affected and our investigation is not yet complete, we want all our customers to be aware of what has happened as soon as possible so they can increase their vigilance.
“We are very sorry and understand that customers will be concerned. Please be assured that we are working hard and engaging with all relevant authorities and organizations to help protect our customers as much as possible.”
Rosmarin said the telco is not yet aware of any customers suffering damage as a result of the breach.
“Optus has also notified key financial institutions about this matter,” she said.
“While we are not aware of any harm to customers, we encourage customers to have increased awareness across their accounts, including being aware of unusual or fraudulent activity and any notifications that seem strange or suspicious.”
Existing services such as mobile and home internet are not affected and customers’ messages and voice calls have not been compromised.
Optus says services remain safe to use and operate as normal
For customers with specific concerns, they can contact Optus via the My Optus app (which remains the safest way to interact with Optus) or by calling 133 937. Optus will not send links in any emails or SMS – messages.