Optus reveals massive damage from data breach
Share
Optus has revealed that over 2.1 million customers have had their ID numbers, including driver’s licences, stolen after a significant cyber attack.
In a statement released on Monday afternoon, the telco confirmed that about 1.2 million of the ID numbers were stolen and an additional 900,000 customers have had numbers from expired documents comprised.
Customers who had their sensitive details stolen in the cyber attack are being contacted by Optus to advise what ID documents have been exposed.
It comes as the telecommunications giant launched an independent, external review of the circumstances surrounding the data hack.
Related: Simon Carabetta of ES2 on navigating the evolving landscape of cyber security
Embattled chief executive Kelly Bayer Rosmarin, who has been criticised for the way Optus has handled the attack, recommended the review to the board which unanimously agreed to it.
Ms Rosmarin said the telco was committed to rebuilding trust with its customers and the review would assist that process.
“We’re deeply sorry that this has happened and we recognise the significant concern it has caused many people,” she said in a statement.
She said the review would help Optus understand how the attack happened and ensure it would not happen again.
International professional services firm Deloitte will conduct the review of Optus security systems, controls and processes.
Cabinet minister Tanya Plibersek said while people had been receiving their bills on time, Optus had not told customers whether their personal details had been stolen.
“One of the real problems is the lack of communication by Optus, both with its customers and the government,” she said.
“It’s extraordinary we don’t have any Medicare numbers or Centrelink numbers that may have been compromised.”
Yet former Minister of Home Affairs Karen Andrews said the federal government’s response to the breach had also been inadequate.
While she did not absolve Optus of its corporate responsibilities, Ms Andrews said the government had “failed quite dismally” in its response.
At least 10,000 parcels of ID data taken in the breach were put on the internet for sale by the hacker but were later taken down.
Cyber Security Minister Clare O’Neil said Optus needed to be up-front about what specific data had been taken, saying the federal government did not know how many passport numbers had been stolen.
On Sunday, Ms O’Neil demanded Optus respond to the government’s request for more information so it could help protect Australians from fraud.
The minister also criticised the former Morrison government, describing laws designed to protect Australia’s critical infrastructure from cyber attacks as “absolutely useless”.
With AAP
Eliza is a content producer and editor at Public Spectrum. She is an experienced writer on topics related to the government and to the public, as well as stories that uplift and improve the community.
Today’s Pick
11th Annual Aus Goverment Data Summit
April 1, 2025
7th Annual NZ Government Data Summit
May 7, 2025
3rd Public Sector Comms Week
May 14, 2025
Subscribe
We send emails,
but we do not spam
Join our mailing list to be on the front lines of healthcare , get exclusive content, and promos.
AI appointment Australia Australian boost boosts business businesses covid-19 cyber attack cybersecurity cyber security data data breach data management defence Digital employment enhance enhances fraud funding governance government grants Healthcare infrastructure Innovation Lockdown management new zealand NSW NZ online public Public Sector queensland renewable energy scams security Social Media Technology telecommunications victoria WA
Last Viewed