Australia’s second-largest telco, Optus, has said it will contact up to 10 million customers whose personal data was stolen in a “sophisticated” hack. The firm added that corporate customers were not compromised.
Kelly Bayer Rosmarin, chief executive of Optus, is furious and regrets that “an individual located overseas has hacked into the company’s database of customer information, accessing home addresses, driving licenses and passport numbers”.
The case is being described as one of the biggest cyber security breaches in the country. About 9.8 million accounts are believed to have been compromised. This equates to 40% of Australia’s population.
Still, “this is the worst-case scenario (and) we have reason to believe that the number is actually lower,” Bayer Rosmarin said. Corporate customers appear to be unaffected, she said, and there are no indications that the hacker took bank account details or customers’ passwords.
Police and cyber security authorities are still investigating the attack, which Optus notified customers about on Thursday.
“We will identify specifically which customers (were affected) and proactively contact each of them with clear explanations of what of their information was disclosed and taken,” Bayer Rosmarin said at a briefing. “I’m disappointed that we couldn’t prevent it … and I’m very sorry,” she added.
Optus released no details on how the attacker breached the company’s security, citing an ongoing criminal investigation. The firm noted that the attacker’s IP address “appears to be moving between unspecified countries in Europe.”
As a large telecommunications company, Optus has always been considered a target for cyber attacks and, until now, has always dealt with attempts to breach its corporate systems. Still, “this particular case is unlike anything we’ve seen before, and unfortunately it was successful,” Bayer Rosmarin said.