Singapore Telecommunications Ltd.’s Optus, the second-largest telco in Australia, said it will contact up to 10 million users whose personal information was stolen in a “sophisticated” attack, but noted that no business clients were affected.
In one of the worst cybersecurity breaches in the nation, Optus Chief Executive Kelly Bayer Rosmarin expressed her outrage and regret over an overseas business accessing home addresses, license and passport numbers from the company’s database of customer information.
40% of Australia’s population, or as many as 9.8 million accounts, may have been compromised, but Bayer Rosmarin indicated that “that is the absolute worst case scenario” and that they had “cause to believe that the number is actually fewer than that.”
According to Bayer Rosmarin, business clients didn’t seem to be impacted and there was no evidence that the intruder had access to passwords or bank account information. The attack, which Optus informed consumers about on Thursday, was still under investigation by law enforcement and cybersecurity experts.
In an online media briefing on Friday, Bayer Rosmarin stated: “We will be specifically identifying whose consumers (were affected) and proactively contacting each customer with clear explanations of which of their information has been disclosed and taken.
“I’m upset that there are people out there who would like to harm our clients in this way. I regret that we were unable to stop it and I apologize deeply “Added she.
She declined to elaborate on how the attacker got past the company’s protection, citing an ongoing criminal investigation, but she did observe that the attacker’s IP address, which is a computer’s unique identification, appeared to shift between various unnamed European nations.
Optus saw itself as a target for cyberattackers as a big telco and regularly thwarted efforts to enter its systems, but “this specific one is not similar to anything we’ve seen previously, and regrettably it was successful,” she said.
