Optus, one of Australia’s largest telecommunications service providers, has suffered a data breach, with sensitive information about its customers exposed, the company has confirmed.
In an official statement, Optus said that following the cyber attack, it began investigating “possible unauthorized access” of both current and former customer information.
Whoever was behind the attack stole a lot of sensitive identity information from the company’s endpoints, including customer names, dates of birth, phone numbers, as well as email addresses. Some customers also had exposed physical addresses, identity document numbers such as driver’s licenses or passport numbers. However, your payment information and account passwords are safe.
Optus did not say who was behind the attack, what the attacker’s motivations were, or how the systems ended up being compromised (for example, by phishing or malware). He said he was able to immediately shut down the attack.
It also declined to say how many customers may have been affected by the breach, but given its user base, the number could be as high as 10 million people.
The company’s core services such as mobile connectivity, home internet, messaging or voice calls have not been compromised. “Optus services remain safe to use and are operating normally,” the statement reassured.
Following the attack, Optus has brought in the Australian Cyber Security Center in an effort to mitigate any risks to customers. The Australian Federal Police, the Office of the Australian Information Commissioner and “key regulators” have also been notified of the attack.
“We are devastated to discover that we have suffered a cyber-attack which has resulted in the disclosure of our customers’ personal information to someone who should not have seen it,” said Kelly Bayer Rosmarin, CEO of Optus.
“As soon as we became aware of this, we took steps to block the attack and launched an immediate investigation. While not everyone may be affected and our investigation is not yet complete, we want all of our customers to know what happened as soon as possible so they can increase their vigilance. We are very sorry and understand that customers will be concerned. Please be assured that we are working hard and cooperating with all relevant authorities and agencies to help protect our customers as much as possible.”
Via: TechCrunch (opens in new tab)