Australia’s second-largest telecommunications company, Optus, announced Thursday it is “investigating the possible unauthorized access of current and former customers’ information” following a cyberattack.
Although the company itself said it could not yet confirm how many customers may have been impacted by the breach, The Australian newspaper reported that it could be up to nine million.
The Sydney-based company’s statement claimed it “immediately shut down the attack” as soon as it was discovered, although it did not detail what the attack involved, nor if hackers had been present on its networks for an extended period of time.
Payment details and account passwords were unaffected, the company said, however chief executive Kelly Bayer Rosmarin said that personally identifying information including names, dates of birth, phone numbers and email addresses may have been exposed.
In some cases customers’ postal addresses, driving license numbers and passports may also have been accessed by the attackers, Bayer Rosmarin confirmed.
She apologized for the incident in an interview with the country’s public broadcaster ABC and said Optus would be proactively contacting high-risk customers.
In the company’s statement, Bayer Rosmarin said: “We are devastated to discover that we have been subject to a cyberattack that has resulted in the disclosure of our customers’ personal information to someone who shouldn’t see it.”
The company said it was working with the Australian Cyber Security Centre and has notified the Australian Federal Police and the country’s data protection regulator, alongside others.
“Optus has also notified key financial institutions about this matter,” the company’s statement added.
“While we are not aware of customers having suffered any harm, we encourage customers to have heightened awareness across their accounts, including looking out for unusual or fraudulent activity and any notifications which seem odd or suspicious,” it said.
Alexander Martin is the UK Editor for The Record. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.