SYDNEY (Reuters) – Australian No. 2 telco Optus, owned by Singapore Telecommunications Ltd, said it will contact up to 10 million customers whose personal information has been stolen in a “sophisticated” hack, but added that there is no business customers are at risk.
Optus CEO Kelly Bayer Rosmarin said she was angry and regretful that an offshore-based entity had broken into the company’s database containing customer information, access to home addresses, driver’s license and passport numbers in one of the country’s largest cybersecurity breaches.
As many as 9.8 million accounts could be compromised, equivalent to 40% of the Australian population, but “that’s the absolute worst case scenario (and) we have reason to believe the number is actually smaller than that,” Bayer said. Rosmarin.
Bayer Rosmarin said business customers appeared unaffected and there was no evidence that the intruder had stolen customer bank account information or passwords. Police and cybersecurity authorities are still investigating the attack that Optus told customers about on Thursday.
“We will specifically identify which customers (were affected) and proactively contact each customer with clear explanations as to which of their information has been exposed and taken,” Bayer Rosmarin said in an online media briefing on Friday.
“I’m upset that there are people who want to do this to our customers. I’m disappointed we couldn’t have prevented it…and I’m very sorry,” she added.
She declined to provide details about how the attacker had breached the company’s security, citing an ongoing criminal investigation, but noted that the attacker’s IP address — a computer’s unique identifier — appeared to move between -specified countries in Europe.
As a major telco, Optus viewed itself as a target for cyber attackers and routinely fended off attempts to breach its systems, but “this particular one isn’t comparable to anything we’ve seen before, and unfortunately it was successful,” she said.
(Reporting by Byron Kaye; editing by Lincoln Feast.)