Optus has suffered a cyberattack, telling customers Thursday afternoon there’d been unauthorised access of their information.
According to a statement from Optus, the possible unauthorised access could affect current and former customers’ information.
Information that may have been exposed in the cyberattack, Optus said, includes customers’ names, dates of birth, phone numbers, email addresses, and, for a subset of customers, addresses, ID document numbers such as driver’s licence or passport numbers.
Payment details and account passwords have not been compromised, Optus said. Optus services, including mobile and home internet, are not affected, and messages and voice calls have not been compromised in the cyberattack.
“Optus services remain safe to use and operate as per normal,” the statement added.
[related_content first=”1819416″]
Optus said it immediately shut down the cyberattack, notified the Australian Cyber Security Centre to aid with mitigation and also the Australian Federal Police and the Office of the Australian Information Commissioner (OAIC).
Under the Notifiable Data Breaches (NDB) scheme, overseen by the OAIC, all agencies and organisations in Australia that are covered by the Privacy Act are required to notify individuals whose personal information is involved in a data breach that is likely to result in “serious harm”, as soon as practicable after becoming aware of a breach.
“We are devastated to discover that we have been subject to a cyberattack that has resulted in the disclosure of our customers’ personal information to someone who shouldn’t see it,” said Optus CEO Kelly Bayer Rosmarin.
She also said that Optus was “very sorry and understand customers will be concerned”.
“Please be assured that we are working hard, and engaging with all the relevant authorities and organisations, to help safeguard our customers as much as possible,” Bayer Rosmarin added.
According to Optus’ statement, as soon as the telco became aware of the cyberattack, it took action to block the attack and began an immediate investigation.
“While not everyone may be affected and our investigation is not yet complete, we want all of our customers to be aware of what has happened as soon as possible so that they can increase their vigilance,” the CEO explained.
Optus said it will keep customers updated once it learns more about the cyberattack.