Security Experts:

Connect with us

Hi, what are you looking for?



Data Breach at Australian Telecoms Firm Optus Could Impact Up to 10 Million Customers

Australian telecoms company Optus has disclosed a data breach impacting the personal information of both former and current customers.

Australian telecoms company Optus has disclosed a data breach impacting the personal information of both former and current customers.

Founded in 1981, Optus is owned by Singapore Telecommunications and is the second largest wireless services provider in Australia. It has nearly 10 million subscribers and they could all be impacted by the breach.

On Thursday, the wireless carrier announced that unknown attackers were able to breach its systems, gaining access to information such as names, birth dates, email addresses, phone numbers, addresses, and ID document numbers.

Optus CEO Kelly Bayer Rosmarin said earlier this week that, while all the company’s customers were informed of the data breach, it’s unclear yet how many of them were actually impacted by the incident.

Optus claims that customer payment details and account passwords were not accessed in the attack, and that none of its services was affected in the incident.

What the company hasn’t detailed, however, is the manner in which the attackers gained access to its network. Its CEO did say that no ransom demand has been made, but noted that it’s too early to rule out any possibility. 

Via its Scamwatch website, which offers information on how to avoid scams, the Australian Competition and Consumer Commission (ACCC) on Thursday warned Optus customers of potential fraud attempts following the cyberattack.

“Scamwatch is warning Optus customers to be on the lookout for scams and take steps to secure their personal information following a cyberattack. […] Optus customers should take immediate steps to secure all of their accounts, particularly their bank and financial accounts,” ACCC said.

*updated with information on potential number of impacted users and to say that no ransom demand has been made

Related: New York Emergency Services Provider Says Patient Data Stolen in Ransomware Attack

Related: LastPass Found No Code Injection Attempts Following August Data Breach

Related: Samsung US Says Customer Data Compromised in July Data Breach

Related: Textile Company Sferra Discloses Data Breach

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...