Optus has suffered what they are describing as a cyber attack, resulting in countless customer records being accessed, which could include everything from date of birth through to personal ID numbers.

The date of the attack was not noted in the announcement Optus made on their website, but Optus say they were able to shut down the attack as soon as the unauthorised access was discovered.

Optus CEO Kelly Bayer Rosmarin says “We are devastated to discover that we have been subject to a cyberattack that has resulted in the disclosure of our customers’ personal information to someone who shouldn’t see it,”

“As soon as we knew, we took action to block the attack and began an immediate investigation. While not everyone may be affected and our investigation is not yet complete, we want all of our customers to be aware of what has happened as soon as possible so that they can increase their vigilance. We are very sorry and understand customers will be concerned. Please be assured that we are working hard, and engaging with all the relevant authorities and organisations, to help safeguard our customers as much as possible.”

The real concern here is that this is not just some top-level data that has apparently been seen. Optus say the data which may have been exposed includes:

  • Name
  • Date of Birth
  • Phone Number
  • Email Address

And, they say, for another group of users that could also include:

  • Address
  • ID Document Number

Someone accessing your driver's license or passport number is like writing a blank check for a scammer looking to steal your identity.

Optus say they are working with financial institutions and all relevant government bodies, but in the end, if that information has been scraped and stored and is made available on the dark web – it’s a huge issue.

Because Optus has not stated which set of customers is involved (is this mobile, broadband, Optus Sport or all of the above?), the breach could affect millions and millions of customers.

Questions we have right now are: When was the breach? Why did Optus not push out a media alert on this, instead just posting it on their website? Have customers been contacted? If not, why not?

Because announcing this on the afternoon of a public holiday isn’t a great look.

Customers of Optus, we feel for you, and encourage you to do the following:

  • Change your passwords.
    • Optus, Bank, Email and social media
  • Add two-factor authentication to all your accounts
    • Optus, Bank, Email and all platforms possible
  • Consider obtaining a copy of your credit report now, and in the months ahead
    • To find out if anyone is using your name to apply for any form of credit
  • Monitor your bank statements