Optus, the second largest telecommunications company in Australia, with over 10 million subscribers on its database, recently reported it has been the victim of a cyberattack. The widescale data breach has resulted in the exposure of customers’ full names, phone numbers, email addresses and dates of birth, among other personally identifiable information (PII). While the telecoms company shut down the cyberattack as quickly as it could, by the time it acted, personal details like customers’ passport numbers and driver’s licences were hacked. However, Optus has confirmed that no payment data or account passwords were compromised during the attack on its systems.

Discovery of a data breach

Optus has stated that it will be notifying any individuals who were at “heightened risk” because of the event, but have recommended that all their customers perform checks on their accounts.

Kelly Bayer Rosmarin, the telecom provider’s chief executive, apologised to Optus customers live on ABC TV. The top executive confirmed that dates of birth, names and a selection of contact details had all been accessed. She added that “in some cases” driving licence numbers had also been exposed and stated that, in rare cases, mailing addresses and passport numbers had also been compromised.

According to Optus, it reached out to the Australian Federal Police after unusual activity was observed. It added that investigators were currently trying to work out who the data was accessed by and for what reason. The telecoms company released a list of information types that could potentially have been accessed by hackers which included ID document numbers like passport and driver’s licence numbers, email addresses, phone numbers, dates of birth, names and mailing addresses.

A statement on the company’s official website read:

“Optus is working with the Australian Cyber Security Centre to mitigate any risks to customers. Optus has also notified key financial institutions about this matter. While we are not aware of customers having suffered any harm, we encourage customers to have heightened awareness across their accounts, including looking out for unusual or fraudulent activity and any notifications which seem odd or suspicious.”

Cybersecurity experts speak out

Optus’s chief executive has stated that as a precaution, the company has now put all its customer base on high alert, but many remain concerned and frustrated. Speaking to the BBC, David Emm, researcher for renowned cyber security firm Kaspersky, weighed in on the breach.

He stated that it was good to see that the telecommunications company has stated that it will be contacting those it believes are impacted and that Optus will not be sending out messages Via SMS messages and emails. This approach will make it very clear to customers that if they receive any such messages, these will be malicious phishing attacks.

He added that it was also reassuring that no payment details or passwords were stolen during the attack but warned that all Optus customers should stay on the alert for any signs of fraudulent activity. Customers should protect their accounts online with unique and complex passwords supported by two-factor authentication methods.