The attack – which under a “worst case scenario” has compromised the personal data of 9.8 million customers – became known to Optus on Wednesday afternoon but the media was notified of the attack via a press release 24 hours later.
Customers are now beginning to receive communications via email notifying them of the data breach, signed by the telco’s CEO Kelly Bayer Rosmarin.
“It is with great disappointment I’m writing to let you know that Optus has been a victim of a cyberattack that has resulted in the disclosure of some of your personal information,” the email reads.
“Importantly, no financial information or passwords have been accessed. The information which has been exposed is your name, date of birth, email, phone number, address associated with your account, and the numbers of the ID documents you provided such as drivers licence number or passport number.
“No copies of photo IDs have been affected.”
The telco “apologised unreservedly” and said it was “devastated” the breach had occurred.
“We are working as hard as possible with the relevant authorities and organisations to ensure no harm comes from this unfortunate attack,” the email said.я╗┐
“We used those 24 hours to shut down unauthorised access and to check there weren’t additional vulnerabilities,” she said.
Optus has received criticism for not notifying customers at the same time the media was alerted to the incident.
я╗┐The telco has defended its actions to customers, as seen in the email, claiming it was the “quickest and most effective way” to alert them.
Now, the extent of the compromise for customers is becoming clear as emails are sent out.
Australian watchdog Scamwatch has warned all Optus customers to be vigilant for unusual activity on their accounts and communications they receive via phone and email.
Text message scam attempts to fool recipient with contact name
я╗┐For customers who have specific concerns, they can contact Optus via the My Optus App (which remains the safest way to interact with Optus) or by calling 133 937. Optus will not be sending links in any emails or SMS messages.