Australia’s Optus reveals nearly 10M customers caught in cyber attack

Australia’s second-largest teleco Optus, owned by Singapore Telecommunications Ltd, said it will contact nearly 10 million customers whose personal details were robbed in a sophisticated hack.

The firm added no corporate clients were compromised.

Kelly Bayer Rosmarin, CEO of Optus said she was angry and sorry that an offshore-based entity had broken into the firm’s database of customer information, accessing home addresses, driver’s licenses, and passport numbers in one of Australia’s most significant cybersecurity breaches.

Nearly 9.8 million accounts may be compromised, equivalent to 40% of the Australian population. However, Bayer Rosmarin said that was the absolute worst-case scenario and the firm had reason to believe that the number was smaller than that.

Optus’ chief executive said corporate customers appeared unaffected and there was no indication the intruder took customer bank account passwords or details. Cybersecurity and police authorities were still investigating the attack.

In an online media briefing, Bayer Rosmarin said the firm would be identifying specifically which customers were affected and proactively contacting each customer with clear explanations of which of their information had been taken and exposed.

Bayer Rosmarin declined to provide details of how the attacker breached the firm’s security, citing an ongoing criminal investigation but noted the cyber attacker’s IP address appeared to move between unspecified European countries.