Optus has said that several million customers have been affected by a cyber-attack that’s seen consumers now at risk of identity theft.
It’s believed that hackers gained access to private information that included names, dates of birth, addresses and phone numbers. In more serious cases, peoples drivers licence and passport details were also obtained.
“We are devastated to discover that we have been subject to a cyberattack that has resulted in the disclosure of our customers’ personal information to someone who shouldn’t see it,” said Optus CEO Kelly Bayer Rosmarin.
The ABC obtained information from an unidentified senior figure within Optus who said that initial investigations reveal that hackers gained access to personal details as a result of human error.
“[It’s] still under investigation, however, this breach, like most, appears to come down to human error.”
“[They] wanted to make integrating systems easier, to satisfy two-factor authentication regulations from the industry watchdog, the Australian Communications and Media Authority (ACMA).”
It’s alleged that the programmers used an API which was thought to only be accessed by employees within Optus.
“Eventually one of the networks it was exposed to was a test network which happened to have internet access.”
It’s estimated that information from as far back as 2017 has been accessed by hackers and it’s not yet known who these hackers are.
Ms Bayer Rosmarin said that customers should be on alert for any suspicious activity.
“What customers can do is just be vigilant,” she said.
“It really is about increased vigilance and being alert to any activity that seems suspicious or odd, or out of the ordinary.
“If somebody calls you and says they want to connect to your computer and says to give them your password or let them in, don‘t allow that to occur.”
Optus will be in contact with customers who are affected in the coming days.