Customers’ names, birthdates, phone numbers, and email addresses were revealed due to the incident. The corporation, which has over ten million subscribers, claims to have stopped the attack, but not before other information, including the numbers on driver’s licenses and passports, was compromised. Payment information and account passwords, according to Optus, were safe. All clients should verify their accounts, the business said, adding that it would alert individuals who were at “heightened risk.”
She said names, dates of birth and contact details had been accessed, “in some cases” the driving licence number, and in “a rare number of cases the passport and the mailing address” had also been exposed.
The company had notified the Australian Federal Police after noticing “unusual activity”.
And investigators were trying “to understand who has been accessing the data and for what purpose”.
Optus says the type of information that may have been hacked includes customers’
- names
- dates of birth
- phone numbers
- email addresses
- addresses
- ID document numbers such as driver’s licence or passport numbers
“Optus is working with the Australian Cyber Security Centre to mitigate any risks to customers,” a statement on its website said.
“Optus has also notified key financial institutions about this matter.
“While we are not aware of customers having suffered any harm, we encourage customers to have heightened awareness across their accounts, including looking out for unusual or fraudulent activity and any notifications which seem odd or suspicious.”
Ms Rosmarin said the company had put all customers on high alert as a precaution – but many have been left frustrated and concerned.
Kaspersky cyber-security researcher David Emm told BBC News: “It’s good to see that Optus has said that it will contact those it believes are affected and that they will not be sending messages in emails or via SMS [text] messages – this makes it clear to customers that any such messages they receive will be fake.
“It’s also reassuring that no passwords or payment information has been stolen.
“Nevertheless, customers should be on the alert for any fraudulent activity they see and should protect their online accounts with unique, complex passwords and using two-factor authentication.”
About Author
