Australian telecommunications company Optus has been the victim of a major cyber attack and data breach.
Optus came clean on Thursday, saying the attack exposed information such as customer names, dates of birth, phone numbers, email addresses and – for some – physical addresses, ID document numbers such as driver’s license or passport numbers. Payment details and account passwords were not compromised.
In other words, enough information to open a bank account.
Optus CEO Kelly Bayer Rosmarin said the company was “devastated”.
“As soon as we knew, we took action to block the attack and launched an immediate investigation,” Rosmarin added. “While not everyone may be affected and our investigation is ongoing, we want all of our customers to know what happened as soon as possible so they can increase their vigilance.”
Rosmarin reportedly said the company became aware of the attack after noticing “unusual activity” and is trying to find out “who accessed the data and for what purpose”.
The company said it will send proactive personal alerts and offer expert third-party monitoring services for those who believe they are at increased risk.
Several entities, including the Australian Cyber Security Centre, the Australian Federal Police and the Office of the Australian Information Commissioner, have been notified or are working with Optus to lock down its systems, prevent future breaches and find the culprits. The perpetrators are believed to be either a criminal or a state-sponsored organization.
The Office of the Australian Information Commissioner (OAIC) said it worked with Optus to ensure it met the requirements of the reportable data breach scheme.
Under the scheme, an organization bound by Australia’s Data Protection Act is required to notify victims when a data breach is likely to cause serious harm, including identity theft. And although Optus publicly announced the incident, many are upset that they weren’t notified individually.
An Optus user tweeted:
Not an email or SMS from @Optus also out of politeness. It’s not that they don’t have our contact details.
— Jock (@CharacterEyes) September 22, 2022
Another thought Optus might have to do some repair work on the customer relationship:
Pretty brave of Optus to send me an invoice this month. I think this is actually with you
— Lavender baj (@lavosaurus) September 23, 2022
Optus said affected customers would be contacted “soon”.
Much information about the attack is still unknown, including what malware was used and how long the attacker had access to the information. Optus says its services remain secure to use and operate.
The company, which has over 9 million subscribers, had its CISO leave last month. The man who previously held this role, Dr. Siva Sivasubramanian, said his heart bleeds for Optus and he has offered support and services to the “current cyber management team”.
https://www.theregister.com/2022/09/23/cyberattack_optus/ Major cyber attack hits Australian telecom company Optus • The Register