On Thursday, Australian telecoms giant Optus disclosed a major cyberattack that allowed threat actors to steal identifying details of nearly 10 million customers.
The exposed data includes personally identifying information (PII) such as:
Optus said in a press release that mobile and home internet services were not affected during the attack and that billing, payment details and account passwords were not compromised.
The company claims that as soon as it discovered unauthorized access on its network, it immediately shut down the attack and contacted the Australian Cyber Security Centre to mitigate any risks to customers. Optus is also working closely with Australian Federal Police and Information Commissioner’s Office during the ongoing investigation.
"We are devastated to discover that we have been subject to a cyberattack that has resulted in the disclosure of our customers’ personal information to someone who shouldn’t see it," said Optus CEO Kelly Bayer Rosmarin.
"As soon as we knew, we took action to block the attack and began an immediate investigation. While not everyone maybe affected and our investigation is not yet complete, we want all of our customers to be aware of what has happened as soon as possible so that they can increase their vigilance,” Rosmarin added.
According to Reuters, the alleged attackers created an online account on a forum on the dark web where they threatened to publicly release the data of 10,000 Optus customers per day unless the company paid a ransom of $1 million in cryptocurrency.
Today, however, the individuals behind the account ‘optusdata’ updated their post, claiming they deleted the data and withdrew their demands after leaking the information of 10,200 users.
Mitigating risk stemming from major data breaches involves the utmost vigilance from impacted customers.
The telecom provider has stressed that official company communications via email or SMS will not contain any hyperlinks or requests to confirm sensitive data, and advises any recipients of such messages to dismiss them entirely.
While Optus and Australian law enforcement investigate the attack, including verifying the validity of the leaked customer data online, the telecom provider is offering free credit and identity monitoring for customers.
It’s also recommended that users:
Bitdefender offers a wide range of security and privacy solutions that protect your financial and digital wellbeing. For data breach victims and other privacy-conscious digital citizens, we provide dedicated privacy tools and services.
Bitdefender Digital Identity Protection, keeps you on top of data breaches and leaks with 24/7 data breach monitoring and real-time alerts for privacy threats. This way, you can change your passwords and secure your accounts to prevent financial loss or social media impersonation.
Consumers in the US can fend off identity theft and fraud by subscribing to our dedicated Identity Theft Protection service that offers real-time fraud, data breach and credit monitoring, SSN tracker and support of our #1-rated experts including insurance of up to $2 million.
tags
Alina is a history buff passionate about cybersecurity and anything sci-fi, advocating Bitdefender technologies and solutions. She spends most of her time between her two feline friends and traveling.
View all postsDecember 19, 2024
November 14, 2024