Australia phones cyber-attack exposes personal data

Optus on a mobile phoneGetty Images
By Shiona McCallum
Technology reporter

Australia's second-largest telecommunications company, Optus, has reported a cyber-attack.

The breach exposed customers' names, dates of birth, phone numbers and email addresses.

The company - which has more than ten million subscribers - says it has shut down the attack but not before other details such as driver's licences and passport numbers were hacked.

Optus says payment data and account passwords were not compromised.

This Twitter post cannot be displayed in your browser. Please enable Javascript or try a different browser.View original content on Twitter
The BBC is not responsible for the content of external sites.
Skip twitter post by Optus

Allow Twitter content?

This article contains content provided by Twitter. We ask for your permission before anything is loaded, as they may be using cookies and other technologies. You may want to read Twitter’s cookie policy and privacy policy before accepting. To view this content choose ‘accept and continue’.

The BBC is not responsible for the content of external sites.

The company said it would notify those at "heightened risk" but all customers should check their accounts.

Chief executive Kelly Bayer Rosmarin apologised to its customers, on ABC TV.

She said names, dates of birth and contact details had been accessed, "in some cases" the driving licence number, and in "a rare number of cases the passport and the mailing address" had also been exposed.

The company had notified the Australian Federal Police after noticing "unusual activity".

And investigators were trying "to understand who has been accessing the data and for what purpose".

Optus says the type of information that may have been hacked includes customers'

  • names

  • dates of birth

  • phone numbers

  • email addresses

  • addresses

  • ID document numbers such as driver's licence or passport numbers

"Optus is working with the Australian Cyber Security Centre to mitigate any risks to customers," a statement on its website said.

"Optus has also notified key financial institutions about this matter.

"While we are not aware of customers having suffered any harm, we encourage customers to have heightened awareness across their accounts, including looking out for unusual or fraudulent activity and any notifications which seem odd or suspicious."

Ms Rosmarin said the company had put all customers on high alert as a precaution - but many have been left frustrated and concerned.

This Twitter post cannot be displayed in your browser. Please enable Javascript or try a different browser.View original content on Twitter
The BBC is not responsible for the content of external sites.
Skip twitter post 2 by Rick Threlfall

Allow Twitter content?

This article contains content provided by Twitter. We ask for your permission before anything is loaded, as they may be using cookies and other technologies. You may want to read Twitter’s cookie policy and privacy policy before accepting. To view this content choose ‘accept and continue’.

The BBC is not responsible for the content of external sites.

Kaspersky cyber-security researcher David Emm told BBC News: "It's good to see that Optus has said that it will contact those it believes are affected and that they will not be sending messages in emails or via SMS [text] messages - this makes it clear to customers that any such messages they receive will be fake.

"It's also reassuring that no passwords or payment information has been stolen.

"Nevertheless, customers should be on the alert for any fraudulent activity they see and should protect their online accounts with unique, complex passwords and using two-factor authentication."

Related Topics

More on this story