Optus has suffered a cyber attack and data breach involving the details of potentially millions of customers, with “a subset” having their identity documentation exposed.
The Australian reported Thursday that “about 2.8 million” customers had personal details exposed in the attack, though Optus has not put any numbers out publicly on the impacted cohort.
An Optus spokesperson declined to confirm the number to iTnews, saying an investigation is still underway.
The telco has, however, said that data that “may have been exposed includes customers’ names, dates of birth, phone numbers, email addresses, and, for a subset of customers, addresses, ID document numbers such as driver’s licence or passport numbers.”
It said account passwords and payment details “have not been compromised.”
Optus also said that its telecommunications services “remain safe to use and operate as per normal.”
CEO Kelly Bayer Rosmarin said the telco was “devastated to discover” the attack, which “has resulted in the disclosure of our customers’ personal information to someone who shouldn’t see it.”
“As soon as we knew, we took action to block the attack and began an immediate investigation,” she said.
“While not everyone may be affected and our investigation is not yet complete, we want all of our customers to be aware of what has happened as soon as possible so that they can increase their vigilance.
“We are very sorry and understand customers will be concerned.”
The telco did not say when the attack and breach took place, nor offer any information on how it was detected.
A spokesperson told iTnews that Optus “went out with the media statement within 24 hours of establishing that customers’ information had been compromised.”