SYDNEY, (Reuters) – Australian No. 2 telco Optus, owned by Singapore Telecommunications Ltd (STEL.SI), said it will contact up to 10 million customers whose personal details were taken in a “sophisticated” hack, but added no corporate clients were compromised.
Optus chief executive Kelly Bayer Rosmarin said she was angry and sorry that an offshore-based entity had broke into the company’s database of customer information, accessing home addresses, drivers licence and passport numbers in one of the country’s biggest cybersecurity breaches. As many as 9.8 million accounts may be compromised, equivalent to 40% of Australia’s population, but “that is the absolute worst case scenario (and) we have reason to believe that the number is actually smaller than that”, Bayer Rosmarin said.
Bayer Rosmarin said corporate customers appeared unaffected and there was no indication the intruder took customer bank account details or passwords. Police and cybersecurity authorities were still investigating the attack which Optus told customers about on Thursday. “We will be identifying specifically which customers (were affected) and proactively contacting each customer with clear explanations of which of their information has been exposed and taken,” Bayer Rosmarin said in an online media briefing on Friday.
“I’m angry that there are people out there that want to do this to our customers. I’m disappointed that we couldn’t have prevented it … and I’m very sorry,” she added. She declined to give details of how the attacker breached the company’s security, citing an ongoing criminal investigation, but noted the attacker’s IP address – the unique identifier of a computer – appeared to move between unspecified countries in Europe.
As a major telco, Optus considered itself a target for cyber attackers and routinely repelled attempts to breach its systems but “this particular one is not similar to anything we’ve seen before, and unfortunately it was successful”, she said.