Australia’s second-largest telecommunication firm, Optus, is the latest cyberattack victim, which Sydney-based tech analyst Trevor Long has regarded as the biggest breach of personal data from an Australian firm.
Optus Hack Details
On Thursday, Optus confirmed that its customers’ private data could be compromised in this attack since the attackers managed to access the customer identity database and opened it to other systems through the Application Programming Interface (API). The investigation is still ongoing, but Optus believes one of the networks was exposed to a test network with internet access.
According to the official press release, the information potentially exposed includes the following:
- Dates of birth
- Phone numbers
- Email addresses
- Driver’s license
- Passport numbers.
The company suspects intruders scraped the consumer database and possibly copied one-third of it. Optus also stated that its network was accessed from an external source. As soon as it discovered the attack, it shut down the attack before customers could suffer any harm. However, the company did advise its customers to keep tracking their accounts for unusual or fraudulent activities.
- Sensitive Data of Australian Navy’s Vessels and Fighter Jets stolen
- Hackers stole 738 GB of data from an Australian government agency
- Vietnamese man hacked Australian airport computers; stole security data
- Scoop: Australian Trading Giant ACY Securities Exposed 60GB of User Data
- Anonymous Leak 82GB of Police Emails Against Australia’s Offshore Detention
Possibility of a Human Error?
Optus CEO Kelly Bayer Rosmarin was asked if human error was responsible for the breach at a media briefing to which she responded:
“I know people are hungry for details about the exact specificity of how this attack could occur, but it is the subject of criminal proceedings and so we will not be divulging details about that.”Kelly Bayer Rosmarin, Optus CEO.
The CEO added that Optus boasts strong cyber defenses and has invested heavily in this regard, so if it can become a target of a security breach, it should be a wake-up call for all organizations.
However, Optus has denied the involvement of human error in this data breach that impacted millions of customers. The CEO also apologized to the company’s customers and said it was challenging to offer immediate advice unless the investigation was completed.
“We are devastated to discover that we have been subject to a cyberattack that has resulted in the disclosure of our customer’s personal information to someone who shouldn’t see it.”Kelly Bayer Rosmarin, Optus CEO.
Kelly has asked for increased vigilance across companies, governments, and customers of Optus as the Sydney-based telecom giant determines how many customers were affected by the data breach. However, it is confirmed that Optus’s voicemails, texts, payment data, and account passwords weren’t compromised in the hack.
MORE TELECOM SECURITY NEWS
- Spanish telecom giant MasMovil hit by Revil ransomware gang
- Telecom giant behind routing SMS discloses 5-year-long data breach
- Argentina’s largest telecom hacked with hackers demanding $7.5 million
- Hacker extracts customer data from Canadian Telecom Firm after rebuttal
- Croatian Police arrests minor over A1 Telecom data breach & ransom demand