Singapore Telecommunications Ltd.’s (STEL.SI) Optus, the No. 2 telecom in Australia. Australia’s Optus says customers caught in cyber attack up to 10 mln whose personal information was stolen in a “sophisticated” breach, but noted that no corporate clients were impacted.
In one of the worst cybersecurity breaches in the nation, Optus Chief Executive Kelly Bayer Rosmarin expressed her outrage and regret over an overseas business accessing home addresses, licence and passport numbers from the company’s database of customer information.
As many as 9.8 million accounts may be compromised, equivalent to 40% of Australia’s population, but “that is the absolute worst case scenario (and) we have reason to believe that the number is actually smaller than that”, Bayer Rosmarin said.
Bayer Rosmarin said corporate customers appeared unaffected and there was no indication the intruder took customer bank account details or passwords. Police and cybersecurity authorities were still investigating the attack which Optus told customers about on Thursday.
“We will be identifying specifically which customers (were affected) and proactively contacting each customer with clear explanations of which of their information has been exposed and taken,” Bayer Rosmarin said in an online media briefing on Friday.
“I’m angry that there are people out there that want to do this to our customers. I’m disappointed that we couldn’t have prevented it, and I’m very sorry,” she added.
She declined to give details of how the attacker breached the company’s security, citing an ongoing criminal investigation, but noted the attacker’s IP address – the unique identifier of a computer – appeared to move between unspecified countries in Europe.
As a major telco, Optus considered itself a target for cyber attackers and routinely repelled attempts to breach its systems but “this particular one is not similar to anything we’ve seen before, and unfortunately it was successful”, she said.