Optus, the Australian unit of telecoms firm Singapore Telecommunications STEL.SI, said it was investigating the unauthorised access of customer details including home addresses, driver’s licence and passport numbers, after a cyberattack.
Wireless carrier Optus said in a statement on Thursday it had immediately shut down the attack after discovering it, and that payment details and account passwords had not been compromised.
Optus CEO Kelly Bayer Rosmarin said the company had notified Australian Federal Police after noticing “unusual activity”.
Bayer Rosmarin told ABC television the company will contact high-risk customers “quite soon”, and apologized for the incident.
She said names, dates of birth and contact details had been accessed, “in some cases” the driving licence number, and in “a rare number of cases the passport and the mailing address” had also been exposed.
Investigators are trying “to understand who has been accessing the data and for what purpose,” she said.
“Optus is working with the Australian Cyber Security Centre to mitigate any risks to customers,” Optus said in the statement on its website.
Bayer Rosmarin said Optus had put all customers on high alert as a precaution.
The Australian newspaper reported that up to 9 million customers may have been affected. Optus told Reuters it could not confirm the number of customers impacted and was continuing to investigate.
“Optus has also notified key financial institutions about this matter. While we are not aware of customers having suffered any harm, we encourage customers to have heightened awareness across their accounts, including looking out for unusual or fraudulent activity and any notifications which seem odd or suspicious,” the Optus statement added.
“It is a significant breach by Australian standards,” the former National Cybersecurity Adviser, Alistair MacGibbon, told ABC television.