Australian Number 2 telecom company Optus has suffered a major data breach that affected millions of its customers, according to a report from The Australian newspaper. Owned by Singapore Telecommunications Ltd, Optus said that hackers stole personal details of up to 10 million customers in a “sophisticated” hack, but added no corporate clients were compromised.
The company spokesperson said that they could not confirm a number at this time and the conducting investigation to determine the scope of the incident. “We’ve gone out early to all of our customers even though we know not all have been impacted. We really do think it gives customers a better chance, but it unfortunately it means we don’t have all the answers,” Optus said.
In a statement released yesterday, the company confirmed the data breach, saying that the cyberattack may have led to unauthorized access to some of its customers’ personal data, including customers’ names, dates of birth, phone numbers, and email addresses.
The company also said that a subset of customers may have had addresses exposed to the data breach including ID document numbers such as driver’s licenses or passport numbers. But added that payment information and account passwords have not been compromised.
CEO Kelly Bayer said the company is “devastated” to have been subject to the cyberattack. “As soon as we knew, we took action to block the attack and began an immediate investigation. While not everyone may be affected and our investigation is not yet complete, we want all of our customers to be aware of what has happened as soon as possible so that they can increase their vigilance,” she said.
“We are very sorry and understand customers will be concerned. Please be assured that we are working hard, and engaging with all the relevant authorities and organizations, to help safeguard our customers as much as possible.”
Optus said it is working with the Australian Cyber Security Centre to assess and mitigate risks. The company also added that it has notified the Australian Federal Police, the Office of the Australian Information Commissioner, and key regulators.
“Optus has also notified key financial institutions about this matter,” Bayer said. “While we are not aware of customers having suffered any harm, we encourage customers to have heightened awareness across their accounts, including looking out for unusual or fraudulent activity and any notifications which seem odd or suspicious.”
As of December 2019, Optus is the second largest wireless carrier in Australia with over 10.2 million mobile subscribers.
Data breach incidents have increased in recent months. Two days ago, Rockstar parent company Take-Two Interactive Software was hacked, as hackers targeted 2K Games Support urging users to download malware. Take-Two said that a hacker had gained access to the help desk platform of its unit 2K Games and sent a malicious link to certain customers.
The cost of a data breach continues to skyrocket. According to a recent IBM study conducted by the Ponemon Institute, data breaches cost American companies on average more than $8 million per incident, with big breaches (more than 50 million records) costing $388 million.
Many of the biggest breaches are the result of a shift in how the increasingly digitized economy operates. As companies have embraced the cloud, data is no longer stored in electronic fortresses. As we reported a year ago, most cloud-related data breaches were caused by cloud misconfigurations, which now cost enterprises nearly $5 trillion.