Australia’s second largest Telecom Company, Optus has recently become a victim of a cyberattack that attack apparently led to the exposure of personal data of its current as well as former customers. According to Trevor Long, a Sydney-based tech analyst, the attack is the biggest breach of personal data from any Australian firm.
The firm states that as soon as the attack was detected, it worked towards containing the attack, subsequently shutting it down before customers could suffer any harm. The company believes that one of the networks was still exposed to the test network with internet access.
The data breach notification read, “Following a cyberattack, Optus is investigating the possible unauthorized access of current and former customer [..] Upon discovering this, Optus immediately shut down the attack.”
In the wake of the attack, the firm confirmed that its customers' private data could be compromised since the attackers had an access to the customer identity database and opened it to other systems via Application Programming Interface (API). The firm further told that its network was accessed from an external source.
The exposed data, as per the firm’s statement in a press release included customers’ names, dates of birth, contact numbers, email addresses, residential addresses, and identity documents numbers such as passport and driving licenses. The company’s services on the other hand, including mobile and home internet, have not been compromised and the attackers were void of access to messages and phone calls.
Is Human Error Responsible For The Breach?
At a media briefing, when asked about the possibility of a human error being responsible for the breach, Optus CEO Kelly Bayers Rosemarin stated that “I know people are hungry for details about the exact specificity of how this attack could occur, but it is the subject of criminal proceedings and so will not be divulging details about that.”
The company has denied any claims of a human error that could execute this data breach. The CEO also apologized to the firm’s customers, stating it was challenging to offer immediate advice unless the case investigation was complete.
The CEO also mentioned the strong cyber defense softwares invested in Telco pertaining to the attacks. She further said that this attack should be a wake-up call for all organizations in order to avoid becoming a victim of a data breach.