The private information of 9.8 million Australians is at risk after major telecommunications firm Optus suffered a cyber attack that breached its firewall.
On Sept. 22, Optus confirmed that hackers got access to the names, dates of birth, phone numbers, email addresses, and potentially the driver’s licence, passport numbers, and addresses, of millions of current and former customers.
The company said attackers had not been able to steal payment details and account passwords, and that it was working with the Australian Cyber Security Centre to limit any risk to customers.
Optus also said it already notified the Australian Federal Police, the Office of the Australian Information Regulator, and other major regulators.
“While not everyone may be affected and our investigation is not yet complete, we want all of our customers to be aware of what has happened as soon as possible so that they can increase their vigilance.
Regulators Concerned for Customers
Delia Rickard, deputy chair of the Australian Consumer and Competition Commission, said the leak of so much data was of great concern.“These are all the things that you need for identity theft and also all the things you need to personalise a scam and make it much more convincing,” she told Nine’s Today program.
In addition, Rickard said any Optus customers who suspected they are victim to fraud should request a ban on their credit records and also stay vigilant if they receive unexpected calls from people claiming to work for banks or government agencies.
Meanwhile, Scamwatch advised Optus customers to change online account passwords and enable multi-factor authentication for banking to protect their personal information.
It also told affected customers to set limits and monitor unusual activities on their bank accounts, as well as request a ban on credit reports if they suspected fraud.
“Never click on links or provide personal or financial information to someone who contacts you out of the blue.”
Liberal Senator James Paterson, a member of the federal Parliament’s intelligence committee, called the attack “one of the most serious” data breaches ever suffered by an Australian business.
“It is important to understand how this happened, who the attacker is, what mitigations can be made (and) what changes are necessary to prevent it from re-occurring,” he said in a Twitter post.