Optus, Australia’s second-largest operator, has been contacting customers to inform them that their data has been leaked, including at least 10 million customers whose personal information was compromised and the number of affected users. This is equivalent to about 40% of the country's population of 25.9 million.
The scale of the database breach made it one of the largest cybersecurity incidents in the country's history.
According to reports, the information involved in this case includes the user's name, date of birth, home address, phone number, email address, driver's license number, passport number, etc. in the database. All that is known about the data breach is that it came from an offshore entity.
Optus chief executive Kelly Bayer Rosmarin expressed regret and anger over the cyber attack.
Optus officials said it was trying to contact "all customers to inform them about the impact, if any, of the cyber attack on their personal information".
Hi, we are working closely with the Australian Cyber Security Centre, key regulators and authorities to mitigate any risks to customers. We also notified the Australian Federal Police and financial institutions.(1/3)
— Optus (@Optus) September 22, 2022
(3/3) We’ll be contacting impacted customers soon with further information and details on how we'll be supporting them. Tano
— Optus (@Optus) September 22, 2022
"We will start with customers whose ID numbers may have been compromised, who will be notified today," Optus said. "We will be the last to notify customers who were not affected. No passwords or financial details were compromised in this incident." Optus said the data breach did not appear to have affected enterprise customers.
The CEO noted that many Optus customers are now concerned about the security of their personal information and are frustrated by the incident.
Australian authorities are investigating possible leads. The Sydney Morning Herald published a report yesterday saying Optus had received extortion threats to pay $1 million in cryptocurrency or hackers would sell the personal information of millions of customers. The Australian Federal Police told Reuters that Optus customer data and other "credentials" were available for purchase on the "dark web" and other sources.
Optus noted that because law enforcement is investigating the matter, the amount of information it can release about this data breach is limited. The operator noted that IP addresses belonging to the hackers moved between different countries in Europe. They advise customers to keep an eye out for any unusual and suspicious activity in their accounts.
0 Comments