Optus Data Breach May Affect Over 9 Million Customers

Australian telco Optus' logo on a wall

Australian telecom company Optus revealed on Thursday that a cyberattack may have exposed the personal information of some of its current and former customers.

While local media reported that the number of people affected by the breach could be up to nine million, Optus CEO Kelly Bayer Rosmarin told ABC News that it is too early to say precisely how many people were affected. However, she noted that it is a “significant number.”

Rosmarin said the Optus team noticed unusual activity on its servers late on Wednesday. After discovering it was a cyberattack, the company took immediate steps to shut down the breach.

Optus is working with the Australian Cyber Security Centre to limit the potential threats to customers. The company has also notified the police and privacy regulators.

“We are devastated to discover that we have been subject to a cyberattack that has resulted in the disclosure of our customers’ personal information to someone who shouldn’t see it,” Rosmarin said.

Optus offers various telecommunications services, including voice, wireless, and internet connectivity. As of 2019, Optus had over 10 million customers, making it the second-largest wireless carrier in Australia. Singtel, the Singapore-based telecom conglomerate, owns the company.

Details of Leaked User Data

Optus said the cyberattack possibly exposed customers’ names, dates of birth, phone numbers, and email addresses. Some customers also had sensitive information such as their addresses, driver’s licenses, and passport numbers leaked. According to The Australian, about 2.8 million Optus customers who had their data stolen fall into the second category.

Optus said the incident did not compromise any payment information and account passwords. The company also noted that the incident did not affect its services.

“Optus services remain safe to use and operate as per normal,” the company said.

Optus has urged its customers to watch out for any “unusual or fraudulent activity and any notifications which seem odd or suspicious.” However, the company said there is no evidence threat actors are actively using the stolen information to target customers.

Optus’ Response to the Cyberattack

Rosmarin said Optus released a statement to alert its customers about the breach, although its investigation is still ongoing. Optus would reach out to high-risk customers soon, she added.

Rosmarin refrained from divulging any information on the nature of the cyberattack and the responsible actor. These details are likely to come out after the authorities complete their investigation. However, The Australian speculated that the hacker may have exploited a weakness in Optus’ firewall.

Rosmarin pointed out that while the company would start notifying customers “quite soon,” there is not a lot customers can do apart from remaining vigilant. Malicious actors can use stolen information to carry out phishing attacks. High-risk customers are also vulnerable to identity theft.

We recommend checking out our articles on phishing and identity theft to learn more about how to protect yourself.

Technology policy researcher
Prateek is a technology policy researcher with a background in law. His areas of interest include data protection, privacy, digital currencies, and digital literacy. Outside of his research interests, Prateek is an avid reader and is engaged in projects on sustainable farming practices in India.