Optus under massive hacker attack, customer info stolen

Optus has suffered a massive cyber-attack, with the personal information of customers stolen, including names, dates of birth, addresses, and contact details.

Optus suffered the data breach when hackers, believed to be working for a criminal or state-sponsored organization, accessed the sensitive information by breaking through the company’s firewall.

The Australian Cyber Security Centre is working with Optus to lock down its systems, secure any data against further breaches, and trace the attackers. The Australian federal police and the Office of the Australian Information Commissioner have also been notified.

Optus has 9.7 million subscribers, according to publicly available data, but the company said it was still assessing the size of the data breach.

The firm confirmed information which may have been exposed included Optus customers’ names, dates of birth, phone numbers, email addresses and, for a cohort of customers, physical addresses and identification document numbers such as driving licence or passport numbers.

Optus said payment details and account passwords have not been compromised, and that services, including mobile phones and home internet, were not affected.

The company insisted voice calls had not been compromised, and that Optus services remained safe to use and operate:

We are devastated to discover that we have been subject to a cyber-attack that has resulted in the disclosure of our customers’ personal information to someone who shouldn’t see it.

We are very sorry and understand customers will be concerned. Please be assured that we are working hard, and engaging with all the relevant authorities and organizations, to help safeguard our customers as much as possible.

Recently, American Airlines notified customers of a recent data breach after hackers compromised an undisclosed number of employee email accounts and gained access to sensitive personal information.