Around 9 million current and past customers of the Optus telco have had their data exposed. In a release published this afternoon, the company has confirmed — roughly 24 hours after confirmation of breach — the attack, investigation progress and that it is working with the Police.
Kelly Bayer Rosmarin, Optus CEO said:
We are devastated to discover that we have been subject to a cyberattack that has resulted in the disclosure of our customer’s personal information to someone who shouldn’t see it.
Further commenting that:
As soon as we knew, we took action to block the attack and began an immediate investigation. While not everyone may be affected and our investigation is not yet complete, we want all of our customers to be aware of what has happened as soon as possible so that they can increase their vigilance. We are very sorry and understand customers will be concerned. Please be assured that we are working hard, and engaging with all the relevant authorities and organisations, to help safeguard our customers as much as possible.
So, what exactly has been exposed?
- Customers’ names
- Dates of birth
- Phone numbers
- Email addresses
- for a subset of customers, addresses, ID document numbers such as driver’s licence or passport numbers
The company maintains payment details, account passwords and customer services; Internet, mobile service and the privacy of calls have not been affected by the breach.
Optus has also stated that any customers who are believed to be at heightened risk will get direct, proactive contact about the breach as well as support to connect with monitoring and support services.
This is a significant and serious breach for Optus customers past and present which will undoubtedly cause alarm. If you’re concenred, the My Optus app has a pathway for you to make contact with the carrier.