Scam warning as Optus reaches out to 10 million customers after data hack
As Optus began contacting up to 10 million customers who could be victims of a data breach, the Australian Consumer and Competition Commission has warned all of the telco and phone retailer’s customers to protect their accounts and watch for scams.
Describing one of Australia’s biggest cybersecurity breaches, Optus CEO Kelly Bayer Rosmarin said on Friday that an “offshore-based entity” had broken into the company’s database of customer information, accessing home addresses, drivers licence and passport numbers of the equivalent to 40 per cent of the country’s population.
The Australian Federal Police, meanwhile, said it was monitoring the dark web to look for any evidence the stolen information was being offered for sale.
Rosmarin said that she was “angry and sorry” for the breach that she described as a “sophisticated” hack, but assured customers that no passwords or financial details have been compromised. Corporate customers are unaffected.
On Saturday morning, Optus said it had started the process of contacting affected customers, commencing with those whose ID document details may have been copied.
“All of [them] will be notified by today. We will notify customers who have had no impacts last,” the company said in a statement.
The hack appears to have been orchestrated from Europe. Optus is owned by Singapore telecom provider SingTel.
On Saturday, the Sydney Morning Herald reported that Optus was investigating a threat to sell customer information online unless the company paid $1 million in cryptocurrency to the hackers. An Australian Federal Police spokesperson told Reuters that police were aware of those reports.
Optus said as the attack was under police investigation it “cannot comment on certain aspects of the incident”.
What to do if your information may have been stolen
ACCC Scamwatch has advised Optus customers to take “immediate steps” to secure all of their accounts, particularly their bank and financial accounts. “You should also monitor for unusual activity on your accounts and watch out for contact by scammers.”
The regulatory authority warned customers that their name, date of birth, phone number and email addresses may have been released. “For some customers, identity document numbers such as driver’s licence or passport numbers could be in the hands of criminals. It is important to be aware that you may be at risk of identity theft and take urgent action to prevent harm.
“Scammers may use your personal information to contact you by phone, text or email.”
ACCC Scamwatch advises the following:
- Secure your devices and monitor for unusual activity.
- Change your online account passwords and enable multi-factor authentication for banking.
- Check your accounts for unusual activity such as items you haven’t purchased.
- Place limits on your accounts or ask you bank how you can secure your money.
- If you suspect fraud you can request a ban on your credit report.
- Never click on links or provide personal or financial information to someone who contacts you out of the blue.