Australian cellphone operator Optus has reported a major cybersecurity breach that could have serious implications. A successful hacking means that the data of up to 10 million customers may have been stolen by criminals.
What happened?
According to Optus, routine monitoring detected suspicious activity on their network. The cybersecurity team activated their response plans and managed to shut down the attack – but not before the hackers had managed to steal some sensitive information.
For affected individuals, these personal details included:
- Names
- Date of birth
- Phone numbers
- Email address(es)
- Postal address
- ID document numbers, such as passport or driving license
How serious is this hacking?
Every hacking is serious but in the case of the Optus breach there are significant implications. Names and phone numbers are easily sold on by hackers for use by spammers and scammers.
However, additional details like postal address and ID details make this theft particularly valuable. Using all of this information together, criminals have all the building blocks they need to carry out more sophisticated scams, such as identity theft.
Optus has contacted federal authorities (the Australian Cyber Security Centre) to mitigate the potential threat to their customers. They have also informed key financial institutions to alert them to the breach and ensure they are better able to detect fraudulent activity using the stolen information.
Optus also claims that there have not been any reports of customer data being misused, but this could always change. They have not yet confirmed exactly how many people have been affected but are advising all customers to closely monitor their own accounts for fraudulent activity.
Look at the bigger picture
Although Optus is the only provider affected by this particular attack, customers could experience more problems. Using the stolen information, cybercriminals may try to break into other online accounts.
Optus has not confirmed whether customer passwords were stolen during the hacking. If so, customers who regularly reuse passwords are at even greater risk of theft or loss. Because of this, affected customers should monitor all of their online accounts for suspicious activity. Ideally these people should change all of their account passwords for added security, choosing a ‘strong’ password that cannot be easily cracked.
Obviously creating and remembering dozens of complex passwords is difficult (or impossible) – but it is also your best protection against many cyberattacks. To help solve this challenge, consider subscribing to Panda Dome Passwords. Our service helps you create new unguessable passwords for every online account – and then securely stores that information so you will never forget it.
In the meantime, it is absolutely essential that Optus customers are aware of this hacking – and that it may take some time for the full impact of the attack to be realized. This is particularly true as Australian Federal Police investigators are still unsure “who has been accessing the data and for what purpose”. Hopefully the police investigation progresses quickly – and that none of Optus’ 10 million customers experience any negative effects.