What has happened?
Optus detected a cyberattack on its systems on Wednesday. Hackers accessed the data of up to 9 million people, including names, addresses, phone numbers and email addresses for many along with driver’s license numbers and passport numbers for a smaller group. The hack was disclosed on Thursday afternoon. The hackers’ access has been removed but just how much data was stolen and why is not yet known.
What is Optus doing about it?
Its chief executive Kelly Bayer Rosmarin has apologised to customers and said she was “devastated” by the attack. It has shut down the hackers’ access and called in the Australian Cyber Security Centre, a government agency that works with the nation’s top online spies, to help assess the hack and trace its source. The federal police, privacy regulators and banks have also been notified. SIM card swaps, replacements and ownership changes have been paused online for Optus customers. They can only be done in store as a precaution against fraud.
Should Optus customers change their passwords or credit card details?
So far, there is no indication from Optus that password or financial data was compromised. Instead, users should be vigilant about requests that they don’t recognise to change those details because it could be an indication someone is impersonating them with data that was stolen.
What should customers do?
Be wary. Keep an eye out for offers, customer support calls or even scam warnings that ask for approvals or passwords. Even if these use your real name or phone number and appear to come from a company that isn’t Optus, they could be exploiting data from the hack. Verify any communications by independently contacting the company that appears to have sent them. Never click on suspicious links. Do not give out passwords.
Optus has advised it will not be sending out links in SMS messages.
I haven’t been contacted by Optus, but I am a customer, does that mean I haven’t been affected?