One of Australia's biggest cybersecurity breaches, Optus, Australia's number two telecommunications company, said on Saturday it was contacting customers about a cyberattack that accessed personal details of up to 10 million customers.
Kelly Bayer Rosmarin said on Friday she was angry and sorry that an offshore-based entity had access to the company's database of customer information, accessing home addresses, drivers licence and passport numbers of the equivalent to 40% of Australia's population.
In an update on Saturday, the company, owned by Singapore Telecommunications Ltd, said it was contacting all customers to tell them of the previously announced cyberattack's impact on their personal information. Customers with their ID document number may have been compromised, all of whom will be notified by today. Customers who have had no impacts last will be notified, it said in a statement. No passwords or financial details have been compromised. Optus said corporate customers appeared unaffected by the sophisticated hack that it initially told customers about on Thursday.
Asked about the report, a Australian Federal Police spokesman said that police were aware of reports alleging stolen Optus customer data and credentials could be sold through a number of forums including the dark web Optus, and that the attacker's IP address appeared to move between countries in Europe.