Australian telecom provider Optus has suffered a data breach reportedly compromising sensitive customer data including dates of birth, email addresses and passport numbers. Information related to present and former employees were also impacted.
Hackers had only targeted the company’s customer data, leaving its systems and services untouched. No SMSs or voice calls were compromised and the company claims its services remain safe to use.
Optus disclosed the event on Thursday stating that the company was currently investigating the incident and working with the Australian Cyber Security Centre to mitigate any risks to customers. Other key regulators including the Australian Federal Police and Office of the Australian Information Commissioner have also been notified. Impacted customers are also currently being notified.
Any details, however, including what systems were affected, how long did the breach last and how many customers were affected haven’t been disclosed yet.
CEO Kelly Bayer Rosmarin said the company blocked the attack upon discovery and noted that some customers might remain unaffected. However, outside of the aforementioned information, a specific group of customers was even more impacted with information regarding addresses and driver’s license numbers also leaked.
No financial data was leaked as reported by the company. However, Optus claims to have informed major financial institutions about the breach and asked the customers to look out for any fraudulent activity.
This isn’t the firse time Optus, the second-largest telecom provider in Australia, has suffered data breaches either. Back in 2013 the company mistakenly published the names, addresses and phone numbers of nearly 122,000 customers without their consent.
Before that in 2003, while trying to facilitate remote access, the telco left management ports on Netgear and Cisco routers open. This allowed hackers to compromise customers who hadn’t changed the default administrative passwords on vulnerable device.
In the News: GoI wants to intercept encrypted messages for “national security”