Australia’s second-largest telecommunications company, Optus, suffered a data breach on Wednesday. Although the number of users impacted due to the hacking has not been confirmed, the company’s chief executive officer Kelly Bayer Rosmarin stated that the number is expected to be significant, The Guardian reported.
According to a press release by Optus, the incident impacted the customers’ personal information, including their name, date of birth, phone number, email address, and ID documents like driver’s licenses and passport numbers. Moreover, the customers’ data, who have been associated with the organization since 2017, was affected as the company preserved identity verification records for six years. The company presently hosts 9.8 million customers.
Reports suggest that the breach took place due to the exploitation of a vulnerability in an application programming interface (API). There have neither been ransom demands, nor any culprits have been identified yet.
Optus alerted the media within 24 hours of learning about the breach and shut down all unauthorized access. The case is being investigated by the Australian federal police and the Australian cyber security center. Rosmarin confirmed that the company is working with the government’s cyber experts, privacy officials, and regulators to get to the root of the issue.
The organization also alerted major financial institutions, its competitors, and other businesses about the data breach so they could take necessary actions to safeguard their systems.
In the wake of the incident, the Australian cyber security center is working along with Optus and providing technical assistance, Home Affairs Minister Clare O’Neil stated. Since the exact impact of the data breach is unknown, the organization contacted the media because it was able to reach out to the customers sooner, who could then start monitoring any suspicious activities.
The company is also sending communications to its users. “For customers believed to have heightened risk, Optus will undertake proactive personal notifications and offer expert third-party monitoring services,” stated the company’s press release.
Optus has temporarily stopped SIM swap and replacement requests as a precautionary measure to avoid identity theft and other crimes. The Change of Ownership service is also not available via phone, online, and messaging support for the time being. To do so, a customer will need to visit any of the Optus retail locations with a relevant ID. However, Optus services comprising mobile and home internet, message, and voice calls were not impacted by this data breach and are functioning normally.
This weekly roundup highlights top cybersecurity news: Hasbro attack, AI supply chain breaches, and rising ransomware threats worldwide.
PXA Stealer, deployed by Vietnam-linked actors, hijacks LinkedIn accounts and exfiltrates credentials, crypto wallets, and sensitive data worldwide.
The data security risks of foreign-developed mobile apps are not limited to what users see on the surface.
AVrecon spreads by scanning the internet for devices with exposed vulnerable services.
What stands out in this case is that even access involving politically exposed and high-profile individuals did not trigger alerts.
Hasbro cyberattack confirmed on March 28, taking systems offline and launching an investigation with third-party cybersecurity experts.
This website uses cookies. By continuing to use this website you are giving consent to cookies being used.
Read More