‘We’re deeply sorry’: Optus suffers massive data breach
The personal data of millions of Australians has been stolen in one of the nation’s largest ever cyber attacks.
Business
Don't miss out on the headlines from Business. Followed categories will be added to My News.
Australia’s second largest telco Optus has suffered one of the most significant data breaches in Australian history, with the personal details of millions of customers stolen by hackers in a successful cyber attack.
About 2.8 million customers have had their personal details including drivers licence numbers, home addresses and dates of birth taken, while about 7 million have had their email addresses and phone numbers stolen.
Optus chief executive Kelly Bayer Rosmarin said that the company is investigating the incident and has notified the Australian Federal Police, the Office of the Australian Information Commissioner and regulators. She said it was too early to know whether the attack was by a criminal or state-based group.
The breach affects both current and former Optus customers.
“We are devastated to discover that we have been subject to a cyberattack that has resulted in the disclosure of our customers’ personal information to someone who shouldn’t see it,” Ms Bayer Rosmarin said in a statement.
“As soon as we knew, we took action to block the attack and began an immediate investigation. While not everyone maybe affected and our investigation is not yet complete, we want all of our customers to be aware of what has happened as soon as possible so that they can increase their vigilance.
“We are very sorry and understand customers will be concerned. Please be assured that we are working hard, and engaging with all the relevant authorities and organisations, to help safeguard our customers as much as possible.”
It’s understood Optus discovered the attack late on Wednesday before revealing it to customers and the public on Thursday afternoon.
She said that while personal information was exposed, payment detail and account passwords have not been compromised.
The company uses customers’ passport information and drivers’ licences to conduct credit checks.
The attack is not ongoing, Ms Bayer Rosmarin said, and Optus services including mobile and home internet are not affected.
The company’s systems are safe to use, she said, and messages and voice calls have not been compromised in the attack.
The telco will proactively reach out to ‘customers believed to have heightened risk’, and is encouraging customers with concerns to make contact via the My Optus app.
“Optus has also notified key financial institutions about this matter. While we are not aware of customers having suffered any harm, we encourage customers to have heightened awareness across their accounts, including looking out for unusual or fraudulent activity and any notifications which seem odd or suspicious.”
Ms Bayer Rosmarin, a former CBA executive, joined Optus as its chief executive in April 2020.
Minister for Cyber Security Clare O’Neil said in a statement that the Australian Cyber Security Centre was aware of the breach and was providing advice and technical assistance.
An AFP spokesman said the agency had been notified of the incident but could not comment further.
“The most up to date information will be available via optus.com.au,” an Optus spokeswoman said.
“For customers who have specific concerns, they can contact Optus via the My Optus App (which remains the safest way to interact with Optus) or by calling 133 937. Optus will not be sending links in any emails or SMS messages.”
Originally published as ‘We’re deeply sorry’: Optus suffers massive data breach