Optus, Australia’s second-largest telecommunications company, has revealed that customers’ personal information may have been compromised in a cyber attack against the company.
Optus said Thursday that it was investigating possible unauthorized access to customer information, including names, addresses, dates of birth, telephone numbers, email addresses, and driver’s license and passport numbers.
Sydney-based telecommunications said it “stopped” the attack immediately after it was discovered and nowhere customers who would have suffered damage, but advised customers to raise awareness of common or fraudulent activity on their accounts.
The company said it was working with the Australian cybersecurity centre to address risks for customers and had notified the country’s police and information commissioner of the attack. It was not specified when the attack took place or how many customers could be affected.
Optus services, voicemails and texts, payment details and account passwords were not affected when hacked, the company said.
“We are devastated to discover that we were exposed to a cyber attack that has resulted in our customers’ personal information being shared with someone who shouldn’t see it,” said Kelly Bayer Rosmarin, chief executive officer of Optus, in a statement.
“As soon as we knew it, we took action to block the attack and immediately launched an investigation. While not everyone may be affected and our investigation is ongoing, we want all of our customers to be aware of what happened as soon as possible so they can increase their vigilance.”
Bayer Rosmarin added that the company “deeply regrets” the incident and “worked with all relevant authorities and organizations to protect our customers as much as possible.”
The cyber attack is the latest in a series of data breaches and cyber attacks involving leading companies. In September alone, corresponding announcements were published by Samsung, North Face, American Airlines, Uber and Rockstar.
Trevor Long, a tech industry analyst based in Sydney, Australia, speculated that the incident could turn out to be the biggest personal data breach involving an Australian company.
“It’s reprehensible that Optus hasn’t notified customers yet and hasn’t made the announcement as a media alert and has only posted it on their media site instead,” Long told CNN Breaking News.
“We are always in danger, and that will happen again and again — unfortunately. The best thing we can do is change our passwords regularly, make sure we have two-factor authentication everywhere, and regularly check our financial accounts and credit reports for unauthorized activity.”