Optus, Australia’s second-largest telecom, has disclosed that customers’ personal data may have been compromised in a cyberattack against the company.
Optus said on Thursday that it was investigating the possible unauthorised access of customer information, including names, addresses, dates of birth, phone numbers, email addresses, and driver’s licence and passport numbers.
The Sydney-based telecom said it had “shut down” the attack immediately after its discovery and was not anywhere of any customers suffering harm, but advised customers to have “heightened awareness” about usual or fraudulent activity on their accounts.
The company said it was working with Australia’s cybersecurity centre to address any risks to customers and had notified the police and the country’s information commissioner about the attack. It did not specify when the attack occurred or how many customers may be affected.
Optus services, voicemails and texts, payment details, and account passwords were not compromised in the hacking, the company said.
“We are devastated to discover that we have been subject to a cyberattack that has resulted in the disclosure of our customers’ personal information to someone who shouldn’t see it,” Optus Chief Executive Officer Kelly Bayer Rosmarin said in a statement.
“As soon as we knew, we took action to block the attack and began an immediate investigation. While not everyone may be affected and our investigation is not yet complete, we want all of our customers to be aware of what has happened as soon as possible so that they can increase their vigilance.”
Bayer Rosmarin added that the company was “very sorry” about the incident and “engaging with all the relevant authorities and organisations, to help safeguard our customers as much as possible.”
The cyberattack is the latest in a string of recent data breaches and cyberattacks involving leading companies, with September alone seeing related announcements by Samsung, North Face, American Airlines, Uber and Rockstar.
Trevor Long, a technology industry analyst based in Sydney, Australia, speculated the incident could turn out to be biggest breach of personal data involving an Australian company.
“It is reprehensible that Optus has not yet notified customers and didn’t make the announcement as a media alert and instead just posted it on their media site,” Long told Al Jazeera.
“We are always at risk, and this will happen again and again – sadly. The best we can do is regularly change our passwords, ensure we have two factor authentication in all places, and regularly check our financial accounts and credit report for any unauthorised activity.”