Sydney, Australia; Number 2 tele communication company in Australia, Optus, owned by Singapore Telecommunications Ltd, has revealed that it could get in touch with 10 million customers whose personal information was taken in a “sophisticated” hack, but highlighted that no corporate clients had been compromised.
According to Optus, the teleco immediately shut down the attack after it was discovered and that no payment details or account passwords were compromised.
Optus CEO Ms. Kelly Bayer Rosmarin updated that the company alerted the Australian Federal Police after noticing unusual activity.
Ms. Rosmarin observed that the company would contact high-risk customers “very soon” and apologized for the incident. Optus said names, dates of birth and contact details were accessed, driving license numbers were accessed “in some cases” and passports and mailing addresses “on rare occasions” were exposed.
Investigators are trying “to understand who has been accessing the data and for what purpose,” the CEO shared.
“Optus is working with the Australian Cyber Security Centre to mitigate any risks to customers,” the telecommunication firm remarked in a statement on the website.
Australian law requires telecommunications companies to verify customers’ identities to prevent them from registering burner phones or from number porting, a growing attack method used to bypass two-factor authentication using SMS codes.
The data in context goes back to 2017 as Optus is required to keep identity verification records for six years.
Ms. Rosmarin added that Optus has put all customers on high alert as a precaution.
The Australian publications reported that 9 million customers were affected. Optus told news agencies that it could not confirm the number of customers affected and that an investigation was ongoing.