Australian telecom company Optus revealed on Thursday that a cyberattack may have exposed the personal information of some of its current and former customers.
While local media reported that the number of people affected by the breach could be up to nine million, Optus CEO Kelly Bayer Rosmarin told ABC News that it is too early to say precisely how many people were affected. However, she noted that it is a “significant number.”
Rosmarin said the Optus team noticed unusual activity on its servers late on Wednesday. After discovering it was a cyberattack, the company took immediate steps to shut down the breach.
Optus is working with the Australian Cyber Security Centre to limit the potential threats to customers. The company has also notified the police and privacy regulators.
“We are devastated to discover that we have been subject to a cyberattack that has resulted in the disclosure of our customers’ personal information to someone who shouldn’t see it,” Rosmarin said.
Optus offers various telecommunications services, including voice, wireless, and internet connectivity. As of 2019, Optus had over 10 million customers, making it the second-largest wireless carrier in Australia. Singtel, the Singapore-based telecom conglomerate, owns the company.
Details of Leaked User Data
Optus said the cyberattack possibly exposed customers’ names, dates of birth, phone numbers, and email addresses. Some customers also had sensitive information such as their addresses, driver’s licenses, and passport numbers leaked. According to The Australian, about 2.8 million Optus customers who had their data stolen fall into the second category.
Optus said the incident did not compromise any payment information and account passwords. The company also noted that the incident did not affect its services.
“Optus services remain safe to use and operate as per normal,” the company said.
Optus has urged its customers to watch out for any “unusual or fraudulent activity and any notifications which seem odd or suspicious.” However, the company said there is no evidence threat actors are actively using the stolen information to target customers.
Optus’ Response to the Cyberattack
Rosmarin said Optus released a statement to alert its customers about the breach, although its investigation is still ongoing. Optus would reach out to high-risk customers soon, she added.
Rosmarin refrained from divulging any information on the nature of the cyberattack and the responsible actor. These details are likely to come out after the authorities complete their investigation. However, The Australian speculated that the hacker may have exploited a weakness in Optus’ firewall.
Rosmarin pointed out that while the company would start notifying customers “quite soon,” there is not a lot customers can do apart from remaining vigilant. Malicious actors can use stolen information to carry out phishing attacks. High-risk customers are also vulnerable to identity theft.