Get all your news in one place.
100’s of premium titles.
One app.
Start reading
AAP
AAP
Business
Rachael Ward and Phoebe Loomes

Optus emails customers over breach

Optus has begun contacting millions of customers affected by a massive data breach, more than 24 hours after alerting the media of the cyber attack.

Victims of the hack were emailed on Friday afternoon and told their names, birth dates, phone numbers, email addresses, driver's licence numbers, passport numbers and addresses had potentially all been accessed.

Optus also explained to customers why they may have learned of the breach via the news before hearing from the company.

"You would have seen we announced this first in the media," the telco wrote.

"We did this as it was the quickest and most effective way to alert you and all our customers, while also communicating the severity of the situation through trusted media sources."

Optus encouraged customers to have "heightened awareness" of their bank and other online accounts, and look out for scammers who may now have access to their personal information.

CEO Kelly Bayer Rosmarin on Friday apologised and said she felt terrible the attack happened on her watch.

"Obviously, I am angry there are people out there that want to do this to our customers. I'm disappointed we couldn't have prevented it," she said.

The company was still assessing the scale of the hack but staff believe the worst-case scenario is that 9.8 million customers have been affected.

While criminals or so-called state-based actors could be behind the cyber attack, Optus doesn't know who is responsible or their motivations.

Any user who has been with the company since 2017 could be impacted.

Ms Bayer Rosmarin said the public had been notified less than 24 hours after discovering the breach and the company was working closely with government authorities and federal police.

"This particular (cyber attack) is not similar to anything we've seen before and unfortunately it was successful," she said.

"It is too early to rule out any possibilities. So we're keeping it all open - it could be criminal and it could be state-based actors."

Optus has not identified where the hackers were located as their IP addresses kept moving between different countries in Europe.

There have been no ransomware demands, meaning they have not asked the company to pay them to return the data.

Opposition Leader Peter Dutton called on cyber security minister Clare O'Neil to tell Australians about the scale of the breach and whether ongoing threats were posed.

"This may well be the biggest data breach in Australia's history at nine or 10 million people ... we don't know much more detail than that because the minister Clare O'Neil is missing in action," he told reporters.

Liberal MP Karen Andrews will introduce a private member's bill on Monday designed to strengthen jail penalties for cyber extortion.

Australian Consumer and Competition Commission deputy chair Delia Rickard said the attack was extremely worrying due to the large amount of personal information fraudsters might be able to access.

"These are all the things that you need for identity theft and also all the things you need to personalise a scam and make it much more convincing," she told Nine's Today program earlier on Friday.

Optus said users' payment details and account passwords had not been compromised and it was working with the Australian Cyber Security Centre to limit the risk to both current and former customers.

Ms Rickard said any Optus customers who suspected they were victims of fraud should request a ban on their credit records and be wary of calls from people purporting to represent banks or government agencies.

Scamwatch advised Optus customers to secure their personal information by changing online account passwords and enabling multi-factor authentication for banking.

Affected customers should also place limits on bank accounts and monitor for unusual activity.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.