Millions of Australians had their personal details compromised in a major cyber attack on Optus.
The telecommunications company confirmed the data breach in a statement Thursday afternoon after Australian It revealed that around nine million Australians could be affected.
“Information that may have been disclosed includes customer names, dates of birth, phone numbers, email addresses, a subset of customers, addresses, and identification document numbers such as driver’s license or passport numbers,” the statement said.
“Payment details and account passwords were not compromised.”
Nearly 2.8 million customers took all their details in the attack, which is believed to have been triggered by a weakness in the carrier’s firewall, Australian mentioned.
About 7 million people have information such as dates of birth, email addresses and phone numbers taken by hackers.
The breach affects current and former Optus customers.
Chief Executive Officer Kelly Beyer-Rosmarin said the telecom company immediately acted to stop any further action after learning of the attack, and authorities were called in to help investigate the source.
“We are very sorry and understand that customers will be concerned,” she said.
“Please be assured that we are working hard, working with all relevant authorities and organizations, to help protect our customers as much as possible.
Optus has also notified major financial institutions about this. While we are not aware that customers have suffered any harm, we encourage customers to raise awareness across their accounts, including to look for any unusual or fraudulent activity and any notices that appear strange or suspicious.”
Optus said its services have not been affected by the breach and will remain safe to use, with messages and voice calls untouched.
Customers have taken to social media to say the carrier has not yet contacted them to inform them of the breach.
Check emails. Dave Early, Guardian audience editor, said on Twitter: “Nothing Optus tells me about this.
Another Twitter user said: “It’s horrible that customers find out via the media and not through Optus.”
Optus said it will send “proactive personal notifications” to customers who have identified they face an “increased risk,” but says it will not send any links in emails or SMS messages.
The carrier has asked customers to head to their website for information or contact them with any concerns.
The Australian Federal Police (AFP) has been notified of the incident but no referral has yet been made.
A spokesperson for NCA NewsWire said, “AFP is aware of the incident but cannot comment further.”
The federal government has been informed of the situation, with the Australian Cyber Security Center providing security advice and technical assistance.
Optus-owned carriers do not appear to have been affected, with an Amaysim spokesperson telling NCA NewsWire that the company has not suffered a breach.
Australian individuals and organizations have been targeted “by the rapid exploitation of technical vulnerabilities by government agencies and cybercriminals who seek to exploit vulnerabilities and steal sensitive data,” said the Office of Cyber Security Representative Claire O’Neill.
“These deeply disturbing reports represent one of the most serious cyber attacks ever experienced by an Australian company,” the Minister for Cyber Security, Senator James Patterson, said on Twitter.
The internet goes after #Gladys
The words “Optus” and “Gladys” appeared at the top of the list of trends on Twitter following Thursday’s major Telco security breach.
Former New South Wales Premier Gladys Berejiklian was appointed to the position of ‘newly created’ Managing Director of Enterprises, Business and Institutions in February, after resigning as Prime Minister in October 2021, and while he remains under investigation by the state’s corruption watchdog – ICAC.
Twitter users took to the site in droves, criticizing Ms Berejiklian and Optus for the hack as customers desperately searched for answers.
There is no indication of wrongdoing on the part of Ms. Berejiklian.
With Jack Evans
Originally Posted as Up to A$9 Million Affected by Major Optus Data Breach