Australia’s Optus is contacting customers caught in a cyber attack

A woman uses her mobile phone as she walks past an Optus store in Sydney, Australia February 8, 2018. REUTERS/Daniel Munoz/File Photo

Sign up now for FREE unlimited access to Reuters.com

Sept 24 (Reuters) – Australia’s number two telco Optus said on Saturday it was communicating with customers about a cyber attack that accessed the personal information of up to 10 million customers, in one of Australia’s biggest cyber security breaches.

Chief executive Kelly Bayer Rosmarin said on Friday she was angry and saddened that an offshore entity hacked into the company’s database of customer information, accessing home addresses, driver’s license and passport numbers equivalent to 40% of Australia’s population.

In an update on Saturday, the company, owned by Singapore Telecommunications Ltd ( STEL.SI ), said it was contacting “all customers to inform them of the impact of the previously announced cyber attack on their personal information.”

Sign up now for FREE unlimited access to Reuters.com

“We will start with customers whose ID number may have been compromised, all will be notified by today. We will notify unaffected customers last,” it said in a statement. “No passwords or financial details have been compromised.”

Optus said business customers appeared to be unaffected by the “sophisticated” hack, which it first informed customers about on Thursday.

The Sydney Morning Herald on Saturday reported that Optus was investigating a threat to sell the personal information of millions of customers online unless the company paid $1 million in cryptocurrency to the hackers.

Asked about the report, a spokesperson for the Australian Federal Police told Reuters police were aware of reports that stolen Optus customer data and credentials may be being sold through a number of forums “including the dark web”.

Optus said that as the attack was under police investigation, it “cannot comment on certain aspects of the incident”.

The company, declining to elaborate on how the attacker breached its security, said the attacker’s IP address – the unique identifier of a computer – appeared to move between countries in Europe.

Sign up now for FREE unlimited access to Reuters.com

Report by Sam McKeith. Edited by William Mallard

Our Standards: The Thomson Reuters Trust Principles.

Leave a Reply

Your email address will not be published. Required fields are marked *