Australian telecommunications company Optus, suffered a cyber attack and subsequent data breach involving the details of 2.8 million customers, with “a subset” having their identity documentation exposed.
Optus, owned by Singapore Telecommunications Limited (STL) says that it’s own mobile and broadband services were not hacked in the incident, but some customer information was leaked.
Emsisoft threat analyst Brett Callow posted a screenshot on Twitter showing what he said was a database of 1.1 million Optus customers’ names, email addresses, and mobile numbers.
According to Optus CEO Kelly Bayer Rosmarin the telco took steps to block the attack and begin an immediate investigation as soon as it became aware of the breach and is now cooperating with the Australian Cyber Security Centre to safeguard its customers.
“While not everyone maybe affected and our investigation is not yet complete, we want all of our customers to be aware of what has happened as soon as possible so that they can increase their vigilance,” says Bayer Rosmarin
Optus says that in response to the attack it has “temporarily stopped SIM swaps and replacements, as well as change of ownership [activities]” via its “online, phone, and messaging support teams.”
It’s not entirely clear what information was retrieved with the telco only stating Customer data “might” have been compromised, and this might include names, dates of birth, phone numbers, email addresses, and, in a few instances, addresses and ID documentation.
Hugh Raynor, senior cyber security consultant at SureCloud says that attackers can use the information launch further cyberattacks on the individuals via phishing or malware laden emails, or even commit identity fraud.
According to Raynor the attacks appeared to be a data gathering exercise. However, it’s difficult for cybercriminals to access an organisation and steal payment data or funds..
“It’s far easier to gain access and steal user data instead.” says Raynor.
Optus assured it’s customers and said it’s “working hard, and engaged with all the relevant authorities and organisations, to help safeguard” them as much as possible.
