Optus cyberattack: warn that other telecommunications operators could be at risk of a breach

Australians have received a serious warning following a major cyberattack that compromised the personal information of millions of Optus users.

Optus confirmed the data breach in a statement Thursday afternoon, with some nine million people affected by the attack.

“Information that may have been exposed includes customers’ names, dates of birth, phone numbers, email addresses and, for a subset of customers, addresses, identification document numbers such as driver’s license or passport numbers,” the telecom operator said in a statement. .

“Payment details and account passwords were not compromised.”

Nearly 2.8 million customers had all of their details taken in the attack and around seven million had information such as their dates of birth, email addresses and phone numbers taken by the hackers, The Australian reported.

Now Delia Rickard, deputy chair of the Australian Competition and Consumer Commission (ACCC), has issued a fresh warning as the telecom operator continues to recover from the attack.

Talk to Nine Todayshe warned that other Telcos could also be vulnerable to similar security flaws.

“Cybercrime these days is huge and while most agencies spend a fortune to protect themselves, you can’t say anyone is 100% safe,” Ms Rickard said.

The breach is believed to have been started by a weakness in Optus’ firewall and affects both current and former customers.

Ms Rickard said there are a number of things people can do to protect themselves if they are concerned their personal data has been exposed.

Simple steps like enabling two-factor authentication on all banking transactions and regularly checking your accounts to see if any unknown purchases have been made can help keep your information safe.

Ms Rickard also said people should be on the lookout for any contact with potential scammers.

“I think one of the really important things is when you’re contacted by someone you’re not expecting, they say it’s the government, your bank, whatever identity , when you’re dealing with people at a distance, you’ll never know who you’re dealing with,” she said.

“Because the scammers have so much data about you, they will know your name, they will know your age, they can personalize the scams and we know that when someone calls you and has your name and some details, you are much more likely trust them.

“So I think I’m also very skeptical.”

It’s also possible to get a free credit reference check every three months, allowing you to see if anyone has applied for loans on your behalf.

Ms Rickard said the whole situation was “very concerning”.

Mystery surrounds hackers responsible for attacks

It remains unclear who was responsible for the Optus attack, with officials continuing to search for the hackers involved.

Former head of Australia’s Cybersecurity Center Alastair McGibbon believes the source of the breach was most likely a criminal group.

“They take information and then monetize our personal data,” he told Nine’s. A topical matter.

“The fact that Optus came out so quickly is actually a significant advantage for us.

“It’s quite fast in terms of cybercrime.”

Mr McGibbon said sometimes organizations spend weeks investigating hacking before even notifying the government.

Optus CEO Kelly Bayer Rosmarin said the phone company acted immediately to halt further action after learning of the attack, and authorities were called to help investigate the source.

“We are very sorry and understand that customers will be worried,” she said.

“Rest assured that we are working hard and collaborating with all relevant authorities and organizations to help protect our customers as much as possible.

“Optus has also notified major financial institutions of this matter. While we are not aware of any customers who have suffered harm, we encourage customers to exercise increased due diligence on their accounts, including looking for unusual activity. or fraudulent and any notification that seems strange or suspicious.

Optus said its services were unaffected by the breach and remained safe to use, with messages and voice calls not compromised.

Optus said it will send “proactive personal notifications” to customers they identify as being at “increased risk”, but says it will not send any links in emails or text messages.

The phone company told customers to go to their website for information or contact them if they have a problem.

Australian Federal Police said they had been made aware of the incident on Thursday but could not comment further.

The federal government has been made aware of the situation, with the Australian Cyber ​​Security Center providing security advice and technical assistance.

– with NCA NewsWire

Originally published as Australians offered grim warning after major Optus cyberattack