SYDNEY: Australia’s No 2 telco Optus, owned by Singtel, said that it will contact up to 10 million customers whose personal details were taken in a “sophisticated” hack, but added that no corporate clients were compromised.
Optus chief executive Kelly Bayer Rosmarin said she was angry and sorry that an offshore-based entity had broken into the company’s database of customer information, accessing home addresses and drivers’ licence and passport numbers in one of the country’s biggest cybersecurity breaches.
As many as 9.8 million accounts may be compromised, equivalent to 40 per cent of Australia’s population, but “that is the absolute worst case scenario (and) we have reason to believe that the number is actually smaller than that”, Bayer Rosmarin said.
Bayer Rosmarin said that corporate customers appeared unaffected and there was no indication the intruder took customer bank account details or passwords. Police and cybersecurity authorities were still investigating the attack which Optus told customers about on Thursday (Sep 22).
“We will be identifying specifically which customers (were affected) and proactively contacting each customer with clear explanations of which of their information has been exposed and taken,” Bayer Rosmarin said in an online media briefing on Friday.
“I’m angry that there are people out there that want to do this to our customers. I’m disappointed that we couldn’t have prevented it … and I’m very sorry,” she added.
Bayer Rosmarin declined to give details of how the attacker breached the company’s security, citing an ongoing criminal investigation, but noted that the attacker’s IP address – the unique identifier of a computer – appeared to move between unspecified countries in Europe.
As a major telco, Optus considers itself a target for cyber attackers and has routinely repelled attempts to breach its systems, however, “this particular one (was) not similar to anything we’ve seen before, and unfortunately it was successful”, she said.