Australia’s second-largest telecommunications company, Optus, suffered a data breach on Wednesday. Although the number of users impacted due to the hacking has not been confirmed, the company’s chief executive officer Kelly Bayer Rosmarin stated that the number is expected to be significant, The Guardian reported.
According to a press release by Optus, the incident impacted the customers’ personal information, including their name, date of birth, phone number, email address, and ID documents like driver’s licenses and passport numbers. Moreover, the customers’ data, who have been associated with the organization since 2017, was affected as the company preserved identity verification records for six years. The company presently hosts 9.8 million customers.
Reports suggest that the breach took place due to the exploitation of a vulnerability in an application programming interface (API). There have neither been ransom demands, nor any culprits have been identified yet.
Preventing further damage
Optus alerted the media within 24 hours of learning about the breach and shut down all unauthorized access. The case is being investigated by the Australian federal police and the Australian cyber security center. Rosmarin confirmed that the company is working with the government’s cyber experts, privacy officials, and regulators to get to the root of the issue.
The organization also alerted major financial institutions, its competitors, and other businesses about the data breach so they could take necessary actions to safeguard their systems.
In the wake of the incident, the Australian cyber security center is working along with Optus and providing technical assistance, Home Affairs Minister Clare O’Neil stated. Since the exact impact of the data breach is unknown, the organization contacted the media because it was able to reach out to the customers sooner, who could then start monitoring any suspicious activities.
The company is also sending communications to its users. “For customers believed to have heightened risk, Optus will undertake proactive personal notifications and offer expert third-party monitoring services,” stated the company’s press release.
Temporary hold on some services
Optus has temporarily stopped SIM swap and replacement requests as a precautionary measure to avoid identity theft and other crimes. The Change of Ownership service is also not available via phone, online, and messaging support for the time being. To do so, a customer will need to visit any of the Optus retail locations with a relevant ID. However, Optus services comprising mobile and home internet, message, and voice calls were not impacted by this data breach and are functioning normally.
