Cyber-attack on wireless firm exposes data belonging to 40% of this country's population
According to Reuters, the second largest wireless provider in Australia, Optus, has been contacting customers about a data breach that revealed personal information belonging to as many as 10 million customers. The size of the compromised database makes this one of the largest cybersecurity breakdowns in the country's history. At 10 million subscribers, the sheer number of Australians impacted equals about 40% of the country's population of 25.9 million people.
40% of Australia's population might have had their personal data stolen in Optus' data breach
Information possibly obtained by the bad actors involved includes the names, birthdates, home addresses, phone numbers, email addresses, driver's license numbers, and passport numbers of those in the database. All that is known about the data breach is that it originated from an off-shore entity. Optus CEO Kelly Bayer Rosmarin said that she was sorry and angry about the cyber attack. The company said yesterday that it is trying to reach "all customers to notify them of the previously announced cyberattack's impact, if any, on their personal details."
Optus keeps its customers informed via Twitter
"We will begin with customers whose ID document number may have been compromised, all of whom will be notified by today," Optus said in a statement. "We will notify customers who have had no impacts last. No passwords or financial details have been compromised." The "sophisticated hack," as the data breach was referred to by Optus, did not seem to affect corporate customers.
The CEO noted that many Optus customers are now concerned about the safety of their personal information, and are frustrated by the incident.
Authorities are investigating a possible lead. The Sydney Morning Herald published a story yesterday stating that Optus received a blackmail threat demanding that it pay $1 million in cryptocurrency or else the hackers would sell the personal information belonging to millions of customers. The Australian Federal Police told Reuters that it is aware of reports that on the "dark web," and through other sources, Optus customer data and other "credentials" are available for purchase.
Optus noted that since the matter is under investigation by law enforcement, the amount of information it can release pertaining to this data breach is limited. The carrier did point out that the IP address belonging to the hackers moved between different countries in Europe. The wireless provider, in a tweet, suggested that customers keep an eye out for any unusual and suspicious activity in their accounts.
Optus subscribers should look over their accounts for odd or suspicious activity
The tweet said, "While we are not aware of customers having suffered any harm, we encourage you to have a heightened awareness across your accounts, including looking out for unusual or fraudulent activity, as well as any notifications which may seem odd or suspicious." Optus currently has about 5.8 million active users which amount to 21% of Australia's population. Telstra is the largest wireless provider in the country with close to 20 million subscribers.
David Emm, who works as a cybersecurity researcher for Kaspersky, told the BBC that "It's good to see that Optus has said that it will contact those it believes are affected and that they will not be sending messages in emails or via SMS [text] messages - this makes it clear to customers that any such messages they receive will be fake. It's also reassuring that no passwords or payment information has been stolen."
Emm added, "Nevertheless, customers should be on the alert for any fraudulent activity they see and should protect their online accounts with unique, complex passwords and using two-factor authentication."
Emm added, "Nevertheless, customers should be on the alert for any fraudulent activity they see and should protect their online accounts with unique, complex passwords and using two-factor authentication."
In the U.S., hackers have picked on T-Mobile. The carrier ran up a tab of at least $500 million for customer compensation and to beef up its internal security systems after more than 48 million former, current, and prospective T-Mobile customers had their personal data swiped. The attack on the country's second-largest wireless carrier took place in 2021. To help customers who believed that their personal information was stolen, T-Mobile offered them two free years of McAfee ID Theft Protection Service.
Things that are NOT allowed: