A hacker has seized the private information of Optus customers including, in some instances, drivers licence and passport details, in a cyberattack.
Customers’ personal information including their name, date of birth, phone number, and email address – and in some cases sensitive documents such as drivers licences and passports – may have been exposed by person/s unknown last Thursday 27 September.
Payment details and account passwords have not been compromised as a result of this attack. The cyberattack is now under investigation by the Australian Federal Police.
Upon discovering this, Optus immediately shut down the attack. It is working with the Australian Cyber Security Centre to mitigate any risks to customers and notified the Australian Federal Police, the Office of the Australian Information Commissioner and key regulators.
Optus’ Chief Executive Officer, Kelly Bayer Rosmarin, said an investigation into the attack is ongoing.
“As soon as we knew, we took action to block the attack and began an immediate investigation,” Ms Rosmarin said.
“While not everyone may be affected and our investigation is not yet complete, we want all of our customers to be aware of what has happened as soon as possible so that they can increase their vigilance. We are very sorry and understand customers will be concerned.
“Please be assured that we are working hard, and engaging with all the relevant authorities and organisations, to help safeguard our customers as much as possible.”
Now, the Australian Competition & Consumer Commission’s (ACCC) Scamwatch service has warned customers to take immediate action in securing their accounts, advising that:
“Optus customers should take immediate steps to secure all of their accounts, particularly their bank and financial accounts. You should also monitor for unusual activity on your accounts and watch out for contact by scammers.”
The ACCC identified five steps customers could take to protect their personal information, including:
- Securing your devices and monitor for unusual activity
- Changing your online account passwords and enable multi factor authentication for banking
- Checking your accounts for unusual activity such as items you haven’t purchased
- Placing limits on your accounts or asking your bank to secure your money
- Requesting a ban on your credit report if you suspect fraud
Optus has since offered the most affected customers of the breach a free 12-month subscription to Equifax Protect, a credit-monitoring and identity protection service.
“The most affected customers will be receiving direct communications from Optus over the coming days on how to start their subscription at no cost,” a spokesperson said.
“Please note that no communications from Optus relating to this incident will include any links as we recognise there are criminals who will be using this incident to conduct phishing scams.”
More information about how customers can protect themselves is available on the OAIC website here.