• World CyberCon India
Data Breaches Firewall Daily Main Story

Optus Data Breach: Details of Over 9 Million Users at Risk

Optus has temporarily stopped SIM swap and replacement requests as a precautionary measure to avoid identity theft and other crimes following the data breach.

Optus Data Breach: Details of Over 9 Million Users at Risk
  • PublishedSeptember 23, 2022

Australia’s second-largest telecommunications company, Optus, suffered a data breach on Wednesday. Although the number of users impacted due to the hacking has not been confirmed, the company’s chief executive officer Kelly Bayer Rosmarin stated that the number is expected to be significant, The Guardian reported.

According to a press release by Optus, the incident impacted the customers’ personal information, including their name, date of birth, phone number, email address, and ID documents like driver’s licenses and passport numbers. Moreover, the customers’ data, who have been associated with the organization since 2017, was affected as the company preserved identity verification records for six years. The company presently hosts 9.8 million customers.

Reports suggest that the breach took place due to the exploitation of a vulnerability in an application programming interface (API). There have neither been ransom demands, nor any culprits have been identified yet.

Preventing further damage

Optus alerted the media within 24 hours of learning about the breach and shut down all unauthorized access. The case is being investigated by the Australian federal police and the Australian cyber security center. Rosmarin confirmed that the company is working with the government’s cyber experts, privacy officials, and regulators to get to the root of the issue.

The organization also alerted major financial institutions, its competitors, and other businesses about the data breach so they could take necessary actions to safeguard their systems.

In the wake of the incident, the Australian cyber security center is working along with Optus and providing technical assistance, Home Affairs Minister Clare O’Neil stated. Since the exact impact of the data breach is unknown, the organization contacted the media because it was able to reach out to the customers sooner, who could then start monitoring any suspicious activities.

The company is also sending communications to its users. “For customers believed to have heightened risk, Optus will undertake proactive personal notifications and offer expert third-party monitoring services,” stated the company’s press release.

Temporary hold on some services

Optus has temporarily stopped SIM swap and replacement requests as a precautionary measure to avoid identity theft and other crimes. The Change of Ownership service is also not available via phone, online, and messaging support for the time being. To do so, a customer will need to visit any of the Optus retail locations with a relevant ID. However, Optus services comprising mobile and home internet, message, and voice calls were not impacted by this data breach and are functioning normally.

Written By
Vishwa Pandagle

Vishwa Pandagle is a Technical Writer at The Cyber Express. She writes about cybersecurity-related news like data breaches, ransomware attacks, phishing attacks, etc. She also writes about ongoing cybersecurity-related developments and best practices. When not working, she likes self-reflecting, meditating, volunteering and going for long walks.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.