IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Australian telco Optus confirms cyber attack involving potential leak of sensitive customer data

Investigations are ongoing but early signs indicate that some customers may have had identity documents and other identifying information exposed to hackers

The second-largest wireless carrier in Australia, Optus, has confirmed cyber attack that may have resulted in the leaking of sensitive customer data. 

The telco said on Thursday morning that the potentially exposed data included customer names, email addresses, phone numbers, and dates of birth.

For a limited subset of potentially affected customers, passport and driving licence numbers may also be in the hands of the hackers, Optus said.

It’s currently unclear if data was definitely accessed or stolen by the hackers involved in the incident. The wording in the statement released by Optus differed from that of the CEO’s direct quotes supplied to the press. 

The statement alludes to a “possible unauthorised access of current and former customers’ information” while the CEO’s comments imply a more definitive conclusion. 

“We are devastated to discover that we have been subject to a cyber attack that has resulted in the disclosure of our customers’ personal information to someone who shouldn’t see it," said Kelly Bayer Rosmarin, CEO at Optus.

"As soon as we knew, we took action to block the attack and began an immediate investigation. While not everyone may be affected and our investigation is not yet complete, we want all of our customers to be aware of what has happened as soon as possible so that they can increase their vigilance. 

“We are very sorry and understand customers will be concerned. Please be assured that we are working hard, and engaging with all the relevant authorities and organisations, to help safeguard our customers as much as possible."

The telco confirmed that its services such as its mobile network and home internet products were unaffected by the incident and neither SMS messages nor voice calls have been compromised either. 

Optus also confirmed that it’s working with the Australian Cyber Security Centre, Australian Federal Police, the Office of the Australian Information Commissioner, key regulators, and financial institutions regarding the incident.

“While we are not aware of customers having suffered any harm, we encourage customers to have heightened awareness across their accounts, including looking out for unusual or fraudulent activity and any notifications which seem odd or suspicious,” said Rosmarin.

Related Resource

Storage's role in addressing the challenges of ensuring cyber resilience

Understanding the role of data storage in cyber resiliency

Whitepaper cover with title over a grey rectangle with header graphic and ESG logoFree Download

Customers believed to be at a “heightened risk” of becoming impacted by the incident may be offered third-party monitoring services, Optus said, and the company will be proactively notifying those affected.

When credentials and personally identifiable information are stolen from a company’s IT systems, the individuals affected are often more vulnerable to phishing attacks.

The more information made available to hackers that can be used to personalise attacks, and increase the perception of legitimacy, increases their effectiveness.

Stolen data may also be sold on the dark web, opening up impacted customers to fraud campaigns. The smaller subset of impacted customers who have had their identity documents such as passports and driving licences stolen may need to replace these as soon as possible. 

Featured Resources

Big data for finance

How to leverage big data analytics and AI in the finance sector

Free Download

Ten critical factors for cloud analytics success

Cloud-native, intelligent, and automated data management strategies to accelerate time to value and ROI

Free Download

Remove barriers and reconnect with your customers

The $260 billion dollar friction problem businesses don't know they have

Free Download

The future of work is already here. Now’s the time to secure it.

Robust security to protect and enable your business

Free Download

Recommended

US lawmakers warn Apple against using Chinese chips in next iPhone
components

US lawmakers warn Apple against using Chinese chips in next iPhone

23 Sep 2022
Philippine senate to probe incessant surge in text scams
phishing

Philippine senate to probe incessant surge in text scams

8 Sep 2022
US blocks CHIPS-funded companies from investing in China
Policy & legislation

US blocks CHIPS-funded companies from investing in China

7 Sep 2022
Japan investigates potential Russian Killnet cyber attacks
cyber warfare

Japan investigates potential Russian Killnet cyber attacks

7 Sep 2022

Most Popular

How to secure your hybrid workforce
Advertisement Feature

How to secure your hybrid workforce

23 Sep 2022
What your hybrid workforce needs from their laptops
Advertisement Feature

What your hybrid workforce needs from their laptops

21 Sep 2022
Cloud and cyber security certifications remain highest paying for IT professionals
Careers & training

Cloud and cyber security certifications remain highest paying for IT professionals

29 Sep 2022