Customers dating back to 2017 are advised that they could be at risk of identity theft because of the malicious data breach.
Kelly Bayer Rosmarin, Optus Chief Executive, said the breach was the result of sophisticated criminals. She said heightened vigilance was needed and the motive behind the attack is not yet known.
Optus is still encouraging customers to be extra vigilant. The telco company says this means:
Scamwatch has advised Optus customers to secure their personal information by changing online account passwords and enabling multi-factor authentication for banking.
The Australian Consumer and Competition Commission said that customers who suspect they are victims of fraud should request a ban on their credit records and be highly skeptical of unexpected calls from people pretending to represent banks or government agencies.
Who is at risk from the Optus data breach?
We don't know for sure yet.
This was a sophisticated attack, and we do know that it was a sophisticated attack.
Ms Bayer Rosmarin said on Friday morning that the IP address kept moving, and came out of various countries in Europe, without saying too much.
Ms Bayer Rosmarin says this has an impact on Optus customers dating back to 2017 in terms of customer data.
Optus confirmed on Thursday that customers' names, birth dates, phone numbers, email addresses, driver's licence numbers, passport numbers, and addresses could have been accessed in the attack.
Customers' payment details and account passwords haven't been compromised.
Will Optus contact those at risk?
Optus said it will be contacting customers affected by the data breach in the next few days and that customers who had exposed the most fields would be contacted first.
All customers will know what category they fall into in the coming days.
If you believe your account has been compromised, you can contact Optus through its My Optus App, which it says is the safest way to contact Optus, or by calling.
What if you think your passport number, licence or ID has been used?
The office of the Australian Information Commissioner OIAC warns that only a small amount of information is needed to compromise a person's identity.
If you need to get help with government-issued ID, such as your driver's license, Medicare card or passport, you can contact the agency that issued the identity document.
The Australian Federal Police AFP says they immediately contact RportCyber if they believe they have been victim to a cybercrime.
You can also:
Contact IDCARE, a free service that will work with you to develop a plan to limit the damage of identity theft.
What is Optus doing about the security breach?
The AFP is working with Optus to obtain information needed to conduct the criminal investigation.
Optus is working with the Australian Cyber Security Centre to limit the risk to both current and former customers.
Optus took action as soon as it learned of the breach and that not everyone may be affected by the Office of the Australian Information Regulator and other key regulators.