On Thursday, Australian telecoms giant Optus disclosed a major cyberattack that allowed threat actors to steal identifying details of nearly 10 million customers.
The exposed data includes personally identifying information (PII) such as:
- Email address and phone numbers
- Customer names and date of birth
- Physical addresses, drivers’ licenses and passport numbers for some customers
Optus said in a press release that mobile and home internet services were not affected during the attack and that billing, payment details and account passwords were not compromised.
The company claims that as soon as it discovered unauthorized access on its network, it immediately shut down the attack and contacted the Australian Cyber Security Centre to mitigate any risks to customers. Optus is also working closely with Australian Federal Police and Information Commissioner’s Office during the ongoing investigation.
“We are devastated to discover that we have been subject to a cyberattack that has resulted in the disclosure of our customers’ personal information to someone who shouldn’t see it,” said Optus CEO Kelly Bayer Rosmarin.
“As soon as we knew, we took action to block the attack and began an immediate investigation. While not everyone maybe affected and our investigation is not yet complete, we want all of our customers to be aware of what has happened as soon as possible so that they can increase their vigilance,” Rosmarin added.
Customer data held for ransom
According to Reuters, the alleged attackers created an online account on a forum on the dark web where they threatened to publicly release the data of 10,000 Optus customers per day unless the company paid a ransom of $1 million in cryptocurrency.
Today, however, the individuals behind the account ‘optusdata’ updated their post, claiming they deleted the data and withdrew their demands after leaking the information of 10,200 users.
What should Optus customers do to protect their digital privacy and security
Mitigating risk stemming from major data breaches involves the utmost vigilance from impacted customers.
The telecom provider has stressed that official company communications via email or SMS will not contain any hyperlinks or requests to confirm sensitive data, and advises any recipients of such messages to dismiss them entirely.
While Optus and Australian law enforcement investigate the attack, including verifying the validity of the leaked customer data online, the telecom provider is offering free credit and identity monitoring for customers.
It’s also recommended that users:
- Remain vigilant against suspicious or unexpected activity on all online accounts (including financial accounts) and immediately report fraud
- Be wary of any unsolicited contact from individuals who may have your personal information via email, text, phone calls or messages on social media
- Never click links or attachments from unfamiliar or suspicious sources and never provide your passwords or financial information
How can Bitdefender help with your online privacy?
Bitdefender offers a wide range of security and privacy solutions that protect your financial and digital wellbeing. For data breach victims and other privacy-conscious digital citizens, we provide dedicated privacy tools and services.
Bitdefender Digital Identity Protection, keeps you on top of data breaches and leaks with 24/7 data breach monitoring and real-time alerts for privacy threats. This way, you can change your passwords and secure your accounts to prevent financial loss or social media impersonation.
Consumers in the US can fend off identity theft and fraud by subscribing to our dedicated Identity Theft Protection service that offers real-time fraud, data breach and credit monitoring, SSN tracker and support of our #1-rated experts including insurance of up to $2 million.