The private information of 9.8 million Australians is at risk after major telecommunications firm Optus suffered a cyber attack that breached its firewall.
On Sept. 22, Optus confirmed that hackers got access to the names, dates of birth, phone numbers, email addresses, and potentially the driver’s licence, passport numbers, and addresses, of millions of current and former customers.
The company said attackers had not been able to steal payment details and account passwords, and that it was working with the Australian Cyber Security Centre to limit any risk to customers.
Optus also said it already notified the Australian Federal Police, the Office of the Australian Information Regulator, and other major regulators.
“As soon as we knew, we took action to block the attack and began an immediate investigation,” Optus CEO Kelly Bayer Rosmarin said in a statement.
“While not everyone may be affected and our investigation is not yet complete, we want all of our customers to be aware of what has happened as soon as possible so that they can increase their vigilance.
“We are very sorry and understand customers will be concerned. Please be assured that we are working hard to help safeguard our customers as much as possible.”
Regulators Concerned for Customers
Delia Rickard, deputy chair of the Australian Consumer and Competition Commission, said the leak of so much data was of great concern.
“These are all the things that you need for identity theft and also all the things you need to personalise a scam and make it much more convincing,” she told Nine’s Today program.
In addition, Rickard said any Optus customers who suspected they are victim to fraud should request a ban on their credit records and also stay vigilant if they receive unexpected calls from people claiming to work for banks or government agencies.
Meanwhile, Scamwatch advised Optus customers to change online account passwords and enable multi-factor authentication for banking to protect their personal information.
It also told affected customers to set limits and monitor unusual activities on their bank accounts, as well as request a ban on credit reports if they suspected fraud.
“Scammers may use your personal information to contact you by phone, text or email,” Scamwatch said in a statement.
“Never click on links or provide personal or financial information to someone who contacts you out of the blue.”
Liberal Senator James Paterson, a member of the federal Parliament’s intelligence committee, called the attack “one of the most serious” data breaches ever suffered by an Australian business.
“It is important to understand how this happened, who the attacker is, what mitigations can be made (and) what changes are necessary to prevent it from re-occurring,” he said in a Twitter post.
These very concerning reports represent one of the most serious cyber attacks ever suffered by an Australian business. It is important to understand how this happened, who the attacker is, what mitigations can be made & what changes are necessary to prevent it from re-occurring.
— James Paterson (@SenPaterson) September 22, 2022