40% of the Australian population may have had personal data stolen in the Optus data breach
Information that may have been obtained by the attackers involved includes the names, dates of birth, home addresses, telephone numbers, email addresses, driver’s license numbers, and passport numbers of those in the database. All that is known about the data breach is that it comes from an offshore entity. Optus CEO Kelly Bayer Rosmarin said she was sorry and angry about the cyber attack. The company said yesterday that it is trying to “reach out to all customers to inform them of the potential impact of the previously announced cyber attack on their personal data”.
Optus keeps its customers informed via Twitter
“We will start with customers whose ID document number may have been compromised, all of whom will be notified today,” Optus said in a statement. “We will notify customers who were the last to be impacted. No passwords or financial details were hacked.” The “advanced hack,” as the data breach was dubbed by Optus, did not appear to affect business customers.
Authorities are investigating a possible clue. The Sydney Morning Herald published a story yesterday stating that Optus received a blackmail threat demanding that it pay $1 million in cryptocurrency or else the hackers would sell the personal information of millions of customers. Australian Federal Police told Reuters they are aware of reports of customer data and other Optus ‘credentials’ being available for sale on the ‘dark web’ and through other sources.
Optus subscribers should monitor their accounts for strange or suspicious activity
The tweet read: “While we don’t know that customers have been harmed, we encourage you to make your accounts more aware, including looking out for unusual or fraudulent activity, as well as any reports that seem strange or suspicious.” Optus currently has approximately 5.8 million active users, representing 21% of Australia’s
population. Telstra is the largest wireless provider in the country with nearly 20 million subscribers.
Emm added, “Nevertheless, customers should be alert to fraudulent activity they see and protect their online accounts with unique, complex passwords and two-factor authentication.”