Nearly 10 million Australians have had their personal data compromised in a massive cyberattack on Optus. The telecommunications company said personal information of millions of customers has been stolen, including names, dates of birth, addresses and contact details. However, payment detail and account passwords have not been compromised.
Hackers believed to be working for a criminal or state-sponsored organization accessed the sensitive information by breaching the company's firewall. This affects current and former customers of Optus.
Kelly Bayer Rosmarin, CEO of Optus, said the company acted immediately to stop any further breach after learning of the incident. "We are devastated to discover that we have been subject to a cyber-attack that has resulted in the disclosure of our customers' personal information to someone who shouldn't see it." Optus took action to block the attack and launched an immediate investigation, which is not yet complete. Bayer said the company wants all its customers to be aware of what has happened as soon as possible so that they can increase their vigilance.
The executive said authorities have been notified and called in to assist in investigating the source. The company has informed key financial institutions about the matter. It encouraged customers to have heightened awareness across their accounts, including looking out for unusual or fraudulent activity, and for any notifications which seem odd or suspicious. Optus is engaging with all relevant authorities and organizations to safeguard its customers as much as possible. The CEO highlighted that their services were not affected in the breach and remain safe to use; messages and voice calls were not compromised.
The Australian Cyber Security Center is working with Optus to lock down its systems. They want to secure any data against further breaches and trace down the attackers. The Australian federal police and the Office of the Australian Information Commissioner are also investigating.
Clare O'Neil, the Home Affairs Minister, said Australian companies and organizations were being consistently targeted for cyber attacks, cyber criminals and hostile nations. He revealed that the Australian Signals Directorate's (ASD) Australian Cyber Security Center (ACSC) has seen broad targeting of Australians and Australian organizations through rapid exploitation of technical vulnerabilities by state actors and cyber criminals seeking to exploit weaknesses and steal sensitive data."