23.09.2022
4 min read

Millions of Aussies impacted by major Optus cyber attack: ‘Be aware’

Here’s what was accessed, why hackers want that information, and what they’ll likely be trying next.

Customers warned after major Optus cyber attack

Optus has suffered a major data breach, compromising the personal information of up to nine million Australian customers.

Personal details, including passport and licence numbers, email and home addresses, dates of birth and telephone numbers of 2.8 million customers were accessed in the cyberattack, Optus has confirmed.

WATCH IN THE VIDEO ABOVE: Details as Optus suffers major data breach.

Watch the latest News on Channel 7 or stream for free on 7plus 7plus

About seven million people’s dates of birth, email addresses and phone numbers were stolen.

Cyber criminals could have access to enough information to steal the identities of millions of Optus customers, the consumer watchdog has warned.

Australian Consumer and Competition Commission deputy chair Delia Rickard said the cyberattack was extremely worrying due to the large amount of personal information fraudsters might be able to access.

“These are all the things that you need for identity theft and also all the things you need to personalise a scam and make it much more convincing,” she told Nine on Friday.

Optus Australia confirmed the attack on Thursday, stating it was “investigating the possible unauthorised access of current and former customers’ information”.

“We are devastated to discover that we have been subject to a cyberattack that has resulted in the disclosure of our customers’ personal information to someone who shouldn’t see it,” Optus CEO Kelly Bayer Rosmarin said.

“As soon as we knew, we took action to block the attack and began an immediate investigation.

“While not everyone may be affected and our investigation is not yet complete, we want all of our customers to be aware of what has happened as soon as possible so that they can increase their vigilance.”

Optus Australia confirmed the attack on Thursday, stating it was ‘investigating the possible unauthorised access of current and former customers’ information’. File image. Credit: BIANCA DE MARCHI/AAPIMAGE

Optus assured payment details and account passwords have not been compromised and Optus services, including mobile and home internet, are not affected.

“Optus has also notified key financial institutions about this matter,” Rosmarin said.

“While we are not aware of customers having suffered any harm, we encourage customers to have heightened awareness across their accounts, including looking out for unusual or fraudulent activity and any notifications which seem odd or suspicious.

“We are very sorry and understand customers will be concerned. Please be assured that we are working hard ... to help safeguard our customers as much as possible.”

Cybersecurity Minister Clare O’Neil told 7NEWS.com.au: “The Australian Cybersecurity Centre is providing cybersecurity advice and technical assistance” in relation to the cyberattack involving Optus.

Australian Federal Police, the Office of the Australian Information Regulator and other key regulators have also been notified.

Optus responds

In an update on Friday, Rosmarin described the attack as “sophisticated”.

“We are taking full accountability for what has happened,” she said.

“No ransomware demands have been made ... but it’s too early to rule out any possibilities.”

Rosmarin said Optus will be contacting all customers.

“In the next few days, all customers will be contacted ... including those who have not been affected, and they will know what category they will fall into,” she said.

While it is estimated up to 9.8 million people may have been affected, Rosmarin described this number as a “worst case scenario”.

“We have reason to believe that number is actually much lower,” she said.

“Once we’ve worked through all the relevant information, we expect that number will be much lower.

“But again, our teams are looking into every possibility.”

Rosmarin said the message to Optus customers is to remain alert.

“What customers can do is be vigilant, if anything unusual occurs report it … be alert to any activity that seems suspicious or odd,” she said.

Rosmarin said, given the matter is “subject to criminal proceedings”, the company would not release any further details about how the attack unfolded.

What you can do

Scamwatch advised Optus customers to secure their personal information by changing online account passwords and enabling multi-factor authentication for banking.

Affected customers should also place limits on bank accounts, monitor for any unusual activity and request a ban on credit reports if any fraud is suspected.

Laws questioned after Optus cyberattack

The cyberattack is a dramatic wake-up call and should lead to tougher privacy and data laws, the federal opposition says.

While the government has initiated a review into data security on social media platforms such as TikTok, it won’t be completed until next year, opposition communications spokeswoman Senator Sarah Henderson said.

“This is all too little, too late,” she said.

“Rather than kick the can down the road, Labor must urgently consider all regulatory options and act immediately to improve the privacy and safety of Australians online.”

Millions of Optus customer details may have been accessed in a cyber attack. Credit: Dave Hunt/AAP

Henderson said the opposition had for months been calling on the Albanese government to deliver tougher online privacy and data protection laws.

In July, it called on Labor to adopt the coalition’s Online Privacy Bill and, earlier this month, she and other opposition MPs had criticised the government for failing to strengthen laws.

The Office of the Australian Information Commissioner said it would engage with Optus to ensure compliance with the requirements of the Notifiable Data Breaches scheme.

Under the framework, organisations covered by the Privacy Act must notify affected individuals as quickly as possible if they experience a data breach likely to result in serious harm.

- With AAP

Major camera glitch found on iPhone 14 Pro models.

Major camera glitch found on iPhone 14 Pro models.

Stream free on

7plus logo