Optus has suffered a security breach that it says may have compromised various customer data, including dates of birth, email addresses and passport numbers. Information about both current and former customers of the Australian mobile operator is affected by the security incident.
Optus said Thursday that it is looking into “potential unauthorized access” to customer data in the wake of a cyberattack, but did not disclose details of which systems were affected, when the breach was discovered, or how many customers might be affected.
Despite this, the company’s CEO, Kelly Baer-Rosmarin said: “We had a cyber attack that resulted in the disclosure of our customers’ personal information to someone who shouldn’t have seen it. As soon as we became aware, we took action to block the attack and an immediate investigation was launched.”
Rosmarin noted that while not all customers have been affected, investigations are still ongoing.
According to Optus, a security breach could compromise various customer data, including dates of birth, phone numbers, and email addresses, as well as additional information such as addresses, identity document details that included driver’s license and passport numbers for a certain group of customers.
The Australian operator said financial details and account passwords were not affected by the hack. However, it said major financial institutions have been notified about the breach. It also urged customers to keep an eye out for unusual or potential fraudulent activities.
Optus said it has notified the relevant authorities, including the Australian Federal Police, and is working with the Australian Cyber Security Center on the incident.
Optus is a wholly owned subsidiary of Singtel, which is Australia’s second largest telecommunications company. In 2019, it had about 10.2 million mobile subscribers.
The carrier has been implicated in previous data privacy incidents, including a 2013 breach in which the operator mistakenly published the names, addresses and mobile phone numbers of 122,000 customers without their consent. In a 2008 incident, Optus left Netgear and Cisco Systems management ports open to facilitate remote access, leaving customers who had not changed the default administrative passwords on devices vulnerable to potential hacking.