Get all your news in one place.
100’s of premium titles.
One app.
Start reading
The New Daily
The New Daily
Matthew Elmas

Optus hacked: Millions of customers’ personal data exposed in huge cyber attack

Optus admits massive hack of customer data 10 News First – Disclaimer

Telecommunications giant Optus has admitted to a massive data breach that may have exposed the personal data of millions of their customers.

In a statement on Thursday, the telco revealed hackers gained access to a trove of current and former customer data.

Optus claimed no financial records were accessed, but admitted that personal information such as names, postal addresses, emails and ID records such as driver’s licences and passport numbers were exposed.

The New Daily understands Optus is still working out how many of its  customers have had their personal data exposed to criminals.

“We are devastated to discover that we have been subject to a cyber attack that has resulted in the disclosure of our customers’ personal information to someone who shouldn’t see it,” Optus chief Kelly Bayer Rosmarin said on Thursday.

“As soon as we knew, we took action to block the attack and began an immediate investigation.”

Optus failed to disclose when the hack occurred in its first statement, and when pressed by TND still failed to provide an exact time frame.

TND understands Optus alerted authorities and the public about the hack within 24 hours of establishing that information was compromised.

The Australian Federal Police and Office of the Australian Information Commissioner have been notified, Optus said.

Optus confirmed it began notifying authorities on Wednesday night.

The company has begun to notify customers it says are at “heightened risk” personally, through “proactive personal notifications”.

“Optus has also notified key financial institutions about this matter,” Ms Bayer Rosmarin said.

“While we are not aware of customers having suffered any harm, we encourage customers to have heightened awareness across their accounts, including looking out for unusual or fraudulent activity and any notifications which seem odd or suspicious.”

Optus was unable to provide an estimate of the scope of the attack on Thursday afternoon, citing an ongoing investigation. However, The Australian reported data of up to nine million customers was exposed.

About 2.8 million customers reportedly had all their personal information taken by hackers – including identification documents such as passport and licence numbers, while 7.8 million people had other data exposed, including dates of birth and telephone numbers.

Such information could be used by criminals to undertake identity theft or target customers with scams.

In a statement following news of the hack on Thursday, the Australian Competition and Consumer Commission’s ScamWatch service published a statement urging customers to be vigilant about scammers.

“If you are an Optus customer, your name, date of birth, phone number, email addresses may have been released,” ScamWatch said.

“For some customers identity document numbers such as driver’s licence or passport numbers could be in the hands of criminals.

“It is important to be aware that you may be at risk of identity theft and take urgent action to prevent harm.”

Federal authorities aid telco

Home Affairs and Cybersecurity Minister Clare O’Neil said federal authorities, including the Australian Cyber Security Centre, were providing Optus with advice and technical help.

“The Australian Signals Directorate’s Australian Cyber Security Centre has seen broad targeting of Australians and Australian organisations, through rapid exploitation of technical vulnerabilities by state actors and cyber criminals seeking to exploit weaknesses and steal sensitive data,” Ms O’Neil said on Thursday afternoon.

“All Australians and Australian organisations need to strengthen their cyber defences to help protect themselves against online threats.”

Liberal Senator James Paterson, former chair of the parliamentary committee overseeing intelligence and security, said on Thursday that the Optus hack could represent “one of the most serious cyber attacks ever suffered by an Australian business”.

“It is important to understand how this happened, who the attacker is, what mitigations can be made [and] what changes are necessary to prevent it from re-occurring.”

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.