Optus (Australia) says it has been hit by a cyber attack that has compromised customer information


Well-Known Member
Apr 30, 2017
Reaction score

Information that may have been exposed includes customers' names, dates of birth, phone numbers and email addresses, Optus says.

For some customers, addresses and ID document numbers such as driver's licence or passport numbers have been exposed.

The breach involves both current and former customers,

more... https://www.abc.net.au/news/2022-09-22/optus-hit-with-cyber-attack-impacting-customers-/101466036

I would like to point out that I have never lost a customer's (or website visitor's) personal data.

If I did leak that data, it'd be REALLY minimal. I collect as little data as possible, 'cause I can't lose what I don't have. You're welcome, world.
Not good ...that's for sure.

How can I strengthen my cyber security?​

While Optus says they're "not aware of customers having suffered any harm," the company is encouraging people to have "heightened awareness across their accounts, including looking out for unusual or fraudulent activity and any notifications which seem odd or suspicious."

Optus have recommended looking to reputable sources, such as the government's Money Smart platform and the Identity Fraud page on the Office of Australian Information Commissioner website.

For customers believed to have heightened risk, Optus says it will undertake "proactive personal notifications" and offer "expert third-party monitoring services."

Cyber Security Minister Clare O'Neil says all Australians need to strengthen their cyber defences to help protect themselves.

The Australian Cyber Security Centre (ACSC) recommends:

  • Updating your devices to protect important information
  • Protecting your accounts with multi-factor authentication
  • Backing up data regularly to the cloud or an external hard drive
The ACSC website has step-by-step guides on how to apply these tips on Apple, Android and Windows devices.
Without knowing much about the issues, I wonder how encryption of data can be used to make it useless to cybercriminals.
@osprey ...that is an interesting point.

It would be within the bounds of reason to expect that a corporation the size of Optus would be already making use of encryption?
Which then leads to the question...just how did the perpetrators of this 'thing' break such encryption?....Have they already succeeded in breaking it??
My knowledge of encryption could probably be written on my thumbnail.....but I was under the impression that encrypted data can take excessive amounts of time to unravel......in some cases years.....either that or huge computer resources....HUGE....to reduce the time taken.

Another question.....was Optus storing said data in 'raw' form ?....unencrypted...? ? ???
Condobloke wrote:
Another question.....was Optus storing said data in 'raw' form ?....unencrypted...? ? ???
And were they using linux servers?
A number of banks and other very security conscious organisations do run linux servers and other unix flavours.
It seems Optus knew at least a day before about the attack and then have the bloody hide to advise customers on how to protect themselves against hackers...should have taken their own bloody advice.

It's a bit late telling people what to do after the event...that's like closing the barn door after the horse has bolted...bunch of morons.
My ISP, who also provide my mobile (cell) phone, had this to say

Hi Chris Turner,

You may have seen in the media that Optus had a data breach yesterday which saw a lot of their customer details potentially released during a malicious cyber-attack.

<name of ISP> are a wholesale customer of Optus, the mobile service we sell uses their network.

When our customers sign up to a mobile service with us, we only provide the following details to Optus: mobile number, SIM card ID, and date of birth – no other personal details are shared.

As a valued mobile customer of <ISP>, we wanted to let you know that we have received confirmation, in writing from Optus this morning, that the wholesale platform was not part of the data breach. None of your details have been compromised as part of this cyber-attack on Optus.

If you have any questions or concerns, don’t hesitate to reach out to our Support team on ...
I wonder what OS Optus is using...windwoes XP.
I'd laugh if it wasn't so serious ... oops I did.o_O
I'd laugh if it wasn't so serious ... oops I did.o_O

It wasn't a joke...it's most likely the case.
Just like people who get caught drink driving...then tell other people don't drink drive.
What do we hear now...Optus refused to upgrade security.
Optus...refusing to carry out remediation work to benefit/safeguard their customers........that sounds familiar.

It appears their "attitude" has not changed from years ago when I was unfortunate enough to have them as my ISP.

Never again.
Is that a scenario similar to hanging the keys to a secure door on the door itself?......maybe a note left for the burglars....here's the key, help yourself?

Members online