Skip to content

Optus breach exposes customer data; Services remain unaffected

  • by
  • 2 min read

Australian telecom provider Optus has suffered a data breach reportedly compromising sensitive customer data including dates of birth, email addresses and passport numbers. Information related to present and former employees were also impacted. 

Hackers had only targeted the company’s customer data, leaving its systems and services untouched. No SMSs or voice calls were compromised and the company claims its services remain safe to use.

Optus disclosed the event on Thursday stating that the company was currently investigating the incident and working with the Australian Cyber Security Centre to mitigate any risks to customers. Other key regulators including the Australian Federal Police and Office of the Australian Information Commissioner have also been notified. Impacted customers are also currently being notified. 

Any details, however, including what systems were affected, how long did the breach last and how many customers were affected haven’t been disclosed yet. 

No information on the attack vector has been been disclosed. | Source: Optus

CEO Kelly Bayer Rosmarin said the company blocked the attack upon discovery and noted that some customers might remain unaffected. However, outside of the aforementioned information, a specific group of customers was even more impacted with information regarding addresses and driver’s license numbers also leaked. 

No financial data was leaked as reported by the company. However, Optus claims to have informed major financial institutions about the breach and asked the customers to look out for any fraudulent activity. 

This isn’t the firse time Optus, the second-largest telecom provider in Australia, has suffered data breaches either. Back in 2013 the company mistakenly published the names, addresses and phone numbers of nearly 122,000 customers without their consent.

Before that in 2003, while trying to facilitate remote access, the telco left management ports on Netgear and Cisco routers open. This allowed hackers to compromise customers who hadn’t changed the default administrative passwords on vulnerable device. 

In the News: GoI wants to intercept encrypted messages for “national security”

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.

Related Reads

Minimal Phone might be the digital detox you need

Nothing Phone 3a arrives next month: Everything revealed so far

South Korea flags DeepSeek over data privacy concerns

WazirX introduces Creditor List and balance snapshot page

T-Mobile begins testing Starlink’s satellite-to-cell service

  • by
  • In News

DeepSeek iOS app sends unencrypted data to ByteDance servers

>