One of the largest Australian telecom company, Optus, reported a data breach attack in which threat actors gained access to both current and former client data.
With around 10 million users, Optus is Australia’s second-largest telecom provider and a subsidiary of Singapore-owned Singtel.
“Following a cyberattack, Optus is investigating the possible unauthorised access of current and former customers’ information.”
In a press release on Thursday, Optus stated that the breach resulted in the theft of an undefined number of customer names, dates of birth, phone numbers, email addresses, addresses, and identification document numbers, such as those on a driver’s licence or passport. Payment information and account credentials were not compromised in the attack.
Messages and phone calls have not been compromised, and neither have Optus services like mobile or home internet. Optus services continue to be safe to use and run normally.
Details of the security breach were not made public by the company.
Optus promptly shut down the attack after discovering it. According to them, they are collaborating with the Australian Cyber Security Centre to reduce customer risks. Optus has also informed the Australian Federal Police, the Australian Information Commissioner, and other critical regulators.
They conclude the announcement with,
“Optus has also notified key financial institutions about this matter. While we are not aware of customers having suffered any harm, we encourage customers to have heightened awareness across their accounts, including looking out for unusual or fraudulent activity and any notifications which seem odd or suspicious.”
They also mentioned customers are recommended to consult trustworthy sources in order to assist prevent against fraud.