Australian telco Optus confirms cyber attack involving potential leak of sensitive customer data

The second-largest wireless carrier in Australia, Optus, has confirmed a cyber attack that may have resulted in the leaking of sensitive customer data.

The telco said on Thursday morning that the potentially exposed data included customer names, email addresses, phone numbers, and dates of birth.

For a limited subset of potentially affected customers, passport and driving licence numbers may also be in the hands of the hackers, Optus said.

It’s currently unclear if data was definitely accessed or stolen by the hackers involved in the incident. The wording in the statement released by Optus differed from that of the CEO’s direct quotes supplied to the press.

The statement alludes to a “possible unauthorised access of current and former customers’ information” while the CEO’s comments imply a more definitive conclusion.

“We are devastated to discover that we have been subject to a cyber attack that has resulted in the disclosure of our customers’ personal information to someone who shouldn’t see it,” said Kelly Bayer Rosmarin, CEO at Optus.

“As soon as we knew, we took action to block the attack and began an immediate investigation. While not everyone may be affected and our investigation is not yet complete, we want all of our customers to be aware of what has happened as soon as possible so that they can increase their vigilance.

“We are very sorry and understand customers will be concerned. Please be assured that we are working hard, and engaging with all the relevant authorities and organisations, to help safeguard our customers as much as possible.”

The telco confirmed that its services, such as its mobile network and home internet products, were unaffected by the incident, and that neither SMS messages nor voice calls have been compromised.

Optus also confirmed that it’s working with the Australian Cyber Security Centre, Australian Federal Police, the Office of the Australian Information Commissioner, key regulators, and financial institutions regarding the incident.

“While we are not aware of customers having suffered any harm, we encourage customers to have heightened awareness across their accounts, including looking out for unusual or fraudulent activity and any notifications which seem odd or suspicious,” said Rosmarin.

Customers believed to be at a “heightened risk” of becoming impacted by the incident may be offered third-party monitoring services, Optus said, and the company will be proactively notifying those affected.

When credentials and personally identifiable information are stolen from a company’s IT systems, the individuals affected are often more vulnerable to phishing attacks.

The more information hackers have that can be used to personalise attacks and increase the perception of legitimacy, the more effective those attacks become.

Stolen data may also be sold on the dark web, opening up impacted customers to fraud campaigns. The smaller subset of impacted customers who have had their identity documents such as passports and driving licences stolen may need to replace these as soon as possible.

Connor Jones
News and Analysis Editor