Optus has suffered a major data breach, compromising the personal information of up to nine million Australian customers. Personal details, including passport and licence numbers, email and home addresses, dates of birth and telephone numbers of 2.8 million customers were accessed in the cyberattack, Optus has confirmed.
About seven million people’s dates of birth, email addresses and phone numbers were stolen.
Cyber criminals could have access to enough information to steal the identities of millions of Optus customers, the consumer watchdog has warned.
Australian Consumer and Competition Commission deputy chair Delia Rickard said the cyberattack was extremely worrying due to the large amount of personal information fraudsters might be able to access.
“These are all the things that you need for identity theft and also all the things you need to personalise a scam and make it much more convincing,” she told Nine on Friday.
Optus Australia confirmed the attack on Thursday, stating it was “investigating the possible unauthorised access of current and former customers’ information”.
“We are devastated to discover that we have been subject to a cyberattack that has resulted in the disclosure of our customers’ personal information to someone who shouldn’t see it,” Optus CEO Kelly Bayer Rosmarin said.
“As soon as we knew, we took action to block the attack and began an immediate investigation.
“While not everyone may be affected and our investigation is not yet complete, we want all of our customers to be aware of what has happened as soon as possible so that they can increase their vigilance.”
“Optus has also notified key financial institutions about this matter,” Rosmarin said.
“While we are not aware of customers having suffered any harm, we encourage customers to have heightened awareness across their accounts, including looking out for unusual or fraudulent activity and any notifications which seem odd or suspicious.
“We are very sorry and understand customers will be concerned. Please be assured that we are working hard … to help safeguard our customers as much as possible.”
Cybersecurity Minister Clare O’Neil told 7NEWS.com.au: “The Australian Cybersecurity Centre is providing cybersecurity advice and technical assistance” in relation to the cyberattack involving Optus. Australian Federal Police, the Office of the Australian Information Regulator and other key regulators have also been notified.