Optus has suffered a major data breach that has compromised the personal information of up to nine million Australian customers.
Personal data, including passport and license numbers, email and home addresses, dates of birth and phone numbers of 2.8 million customers were obtained in the cyberattack, Optus has confirmed.
WATCH THE VIDEO ABOVE: Details on Optus suffering a serious data breach.
Watch the latest news on Channel 7 or stream for free on 7plus >>
About seven million people’s birth dates, email addresses and phone numbers were stolen.
Cybercriminals could have access to enough information to steal the identities of millions of Optus customers, the Consumer Protection Agency warns.
Australia’s Consumer and Competition Commission Deputy Chair, Delia Rickard, said the cyberattack was extremely worrying because fraudsters could potentially access a large amount of personal data.
“These are all the things you need for identity theft, and also all the things you need to personalize a scam and make it a lot more convincing,” she told Nine on Friday.
Optus Australia confirmed the attack on Thursday and said it would “investigate possible unauthorized access to current and past customer information”.
“We are devastated to discover that we have been subjected to a cyberattack that resulted in our customers’ personal information being leaked to someone who should not see it,” said Kelly Bayer Rosemary, CEO of Optus.
“As soon as we knew, we took action to block the attack and launched an immediate investigation.
“While not everyone may be affected and our investigation is ongoing, we want all of our customers to know what happened as soon as possible so they can increase their vigilance.”
Optus-assured payment details and account passwords have not been compromised, and Optus services, including mobile and home internet, are unaffected.
“Optus has also notified key financial institutions of this matter,” Rosemary said.
“While we are not aware of any customers having suffered harm, we encourage customers to raise awareness of their accounts, including checking for any unusual or fraudulent activity and any notifications that seem strange or suspicious.
“We are very sorry and understand that customers will be concerned. Please rest assured that we are working hard to protect our customers as much as possible.”
A spokesperson for Minister for Cybersecurity Clare O’Neil told 7NEWS that they are aware of a recent cybersecurity incident affecting Optus Australia.
“The Australian Cybersecurity Center provides cybersecurity advice and technical support,” they said.
“Specific inquiries regarding this incident should be directed to Optus Australia.”
The Australian Federal Police, the Office of the Australian Information Regulatory Authority and other key regulators have also been notified.
What you can do
Scamwatch has advised Optus customers to protect their personal information by changing online account passwords and enabling multi-factor authentication for banking.
Affected customers should also restrict bank accounts, monitor for unusual activity, and request a credit report ban if fraud is suspected.
Laws questioned after Optus cyberattack
The federal opposition says the cyberattack is a dramatic wake-up call and requires stricter privacy and data laws.
While the government has launched a review of data security on social media platforms like TikTok, it will not be completed until next year, opposition communications spokeswoman Sarah Henderson said.
“It’s all too little, too late,” she said.
“Rather than kicking the can out onto the streets, Labor urgently needs to consider all regulatory options and act immediately to improve Australians’ online privacy and security.”
Senator Henderson said the opposition had been urging the Albanian government for months to enact tougher laws on data protection and online privacy.
In July she called on Labor to pass the coalition’s online privacy bill and earlier this month she and other opposition MPs had criticized the government for failing to tighten the laws.
The Australian Information Commissioner’s office said it will work with Optus to ensure compliance with the system’s requirements for reportable data breaches.
Under the framework, organizations subject to data protection law must notify data subjects as soon as possible if they are affected by a data breach that is likely to result in serious harm.
– With AAP
If you would like to see this content, please customize yours .