Australian telecoms company Optus has disclosed a data breach impacting the personal information of both former and current customers.
Founded in 1981, Optus is owned by Singapore Telecommunications and is the second largest wireless services provider in Australia. It has nearly 10 million subscribers and they could all be impacted by the breach.
On Thursday, the wireless carrier announced that unknown attackers were able to breach its systems, gaining access to information such as names, birth dates, email addresses, phone numbers, addresses, and ID document numbers.
Optus CEO Kelly Bayer Rosmarin said earlier this week that, while all the company’s customers were informed of the data breach, it’s unclear yet how many of them were actually impacted by the incident.
Optus claims that customer payment details and account passwords were not accessed in the attack, and that none of its services was affected in the incident.
What the company hasn’t detailed, however, is the manner in which the attackers gained access to its network. Its CEO did say that no ransom demand has been made, but noted that it’s too early to rule out any possibility.
Via its Scamwatch website, which offers information on how to avoid scams, the Australian Competition and Consumer Commission (ACCC) on Thursday warned Optus customers of potential fraud attempts following the cyberattack.
“Scamwatch is warning Optus customers to be on the lookout for scams and take steps to secure their personal information following a cyberattack. […] Optus customers should take immediate steps to secure all of their accounts, particularly their bank and financial accounts,” ACCC said.
*updated with information on potential number of impacted users and to say that no ransom demand has been made