Optus confirms customer data breach, says passport data may be affected

Data Breach
Image Credit: Shutterstock (Image credit: Shutterstock)

Optus, one of the biggest telecommunications services providers in Australia, has suffered a data breach, with sensitive information on its customers being exposed, the company has confirmed.

In an official announcement, Optus said that following the cyberattack, it started investigating the “possible unauthorized access” of both current, and former, customers’ information. 

Whoever was behind the attack stole plenty of sensitive identity information from the company’s endpoints, including customer names, dates of birth, phone numbers, as well as email addresses. Some customers have also had physical addresses, ID document numbers such as driver's licenses or passport numbers exposed, as well. Payment details and account passwords are safe, however. 

Optus breach

Optus did not state who was behind the attack, what the motives of the threat actor were, nor how the systems ended up being compromised (for example, with phishing, or malware). It did say that it managed to immediately shut the attack down.

It also declined to say how many customers might have been affected by the breach, but given its user base, the number could be as high as about 10 million individuals.

Key company services, such as mobile connectivity, home internet, messages, or voice calls have not been compromised. “Optus services remain safe to use and operate as per normal,” the announcement reasurres. 

Since the attack, Optus has brought in the Australian Cyber Security Centre in a bid to mitigate any risks to customers. The Australian Federal Police, the Office of the Australian Information Commissioner, and “key regulators” have also been notified of the attack.

"We are devastated to discover that we have been subject to a cyberattack that has resulted in the disclosure of our customers’ personal information to someone who shouldn’t see it," said Kelly Bayer Rosmarin, Optus CEO.

"As soon as we knew, we took action to block the attack and began an immediate investigation. While not everyone may be affected and our investigation is not yet complete, we want all of our customers to be aware of what has happened as soon as possible so that they can increase their vigilance. We are very sorry and understand customers will be concerned. Please be assured that we are working hard, and engaging with all the relevant authorities and organizations, to help safeguard our customers as much as possible."

Via: TechCrunch

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.