Cyberattack on Optus Potentially Exposes Millions of Customer Accounts

SYDNEY—A cyberattack on one of Australia’s largest telecoms companies could have accessed the personal information of as many as 9.8 million customers, in what one lawmaker called the most significant data breach in recent years.

Optus, an Australian unit of

Singapore Telecommunications Ltd.

, said it doesn’t yet know who was behind the cyberattack that could have exposed customer information dating back to 2017, including names, dates of birth and phone numbers. The company, which said it first became aware of the breach on Wednesday, said some identity documents might also have been compromised.

Kelly Bayer Rosmarin,

Optus’s chief executive, said the access of 9.8 million customer accounts is a worst-case scenario as investigators seek to define the extent of the breach, which has been referred to the Australian Federal Police.

“We have reason to believe that the number is actually smaller than that, but we are working through reconstructing exactly what the attackers have received,” she said.

So far, the company hadn’t received any ransomware demands following the cyberattack, Ms. Bayer Rosmarin said.

“The IP address kept moving. It’s a sophisticated attack,” she said.

A spokesman for Cybersecurity Minister

Clare O’Neil

said the federal government’s Australian Cyber Security Centre was aware of the data breach. Separately, the Australian Federal Police said it would work with Optus “to obtain the crucial information and evidence needed to conduct this complex, criminal investigation.”

Australia has faced several attempts to access confidential data in recent years, prompting its leaders to increase investment to safeguard systems. In 2019, hackers sought access to the computer network in the country’s parliament, but were thwarted before confidential information was accessed. Scott Morrison, Australia’s prime minister at the time, said the attack appeared to be carried out by foreign agents.

James Paterson,

shadow minister for cybersecurity with the opposition Liberal Party, said the apparent theft of so much personal information from Optus was particularly concerning and called it the country’s most significant user-data breach in some time. “There’s certainly been other Australian-based companies that have been attacked, but none who hold so much personal detail of Australian users,” Mr. Paterson said in a radio interview with the Australian Broadcasting Corp.

Ms. Bayer Rosmarin said Optus was legally obliged to retain customer data for six years, and that it was working to identify which customers had been affected by the breach. She said all data had been held in Australia, adding that parent company Singtel’s systems were unaffected.

Write to Alice Uribe at

Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

Appeared in the September 24, 2022, print edition as ‘Telecom Cyberattack in Australia Threatens Millions of Accounts.’

Leave a Reply

Your email address will not be published.

%d bloggers like this: