The Australian company Optus, which is one of the largest telecommunications companies in the country, has announced a huge data breach after claiming that it has fallen victim to a cyber-attack.
The breach could affect all of Optus’s 10 million customers – approximately 40% of the population – and has been described by some as one of the worst breaches in Australian history.
Following the cyber-attack and data breach, there have been some even more serious developments, including ransom threats and tense public exchanges. The incident has also sparked a new debate about how Australian companies are regulated and how consumer data is protected.
How did the breach happen?
It’s still unclear how the data breach happened. However, Optus announced the breach around 24 hours after it initially noticed suspicious activity across its network.
A company spokesperson said current and former customers’ data was stolen – including names, birthdates, home addresses, phone and email contacts, and passport and driving license numbers. It claims that payment details and account passwords were not compromised.
For the 2.8 million Optus customers whose passport or license numbers were compromised, there have been warnings about the significant risk of identity theft and fraud.
Optus says it’s currently investigating the breach and the police have been notified, along with government regulators and financial institutions.
Going forward, security experts have suggested that data retention laws should be reformed so telecommunications companies don’t need to hang onto sensitive information for as long. Under the current rules, companies need to keep information for six years.
Optus chief executive Kelly Bayer Rosmarin described the breach as a “sophisticated attack”, saying the company has very strong cybersecurity.
“Obviously, I am angry that there are people out there that want to do this to our customers, and I’m disappointed that we couldn’t have prevented it,” she said in a statement last week.