Optus Pwned By Hackers… Personal Info Stolen

Australian telco Optus has disclosed that they suffered a cyber attack which resulted in the personal info of customers including names, DOBs, addresses and contact details being stolen. The attack occurred after hackers broke through the company’s firewall, accessing sensitive information of Optus’ 9.7 million subscribers. The company has confirmed the breach and exposed information but has stated that payment details and account passwords have not been compromised, and that services including mobile phones and home internet were not affected. The thing is, what was stolen is enough to start identity theft campaigns. Which makes this a non trivial event.

Mark Bower, VP of Product Management, Anjuna Security had this to say:

     “Too often we see large scale breaches where payment details and passwords were the only things protected, largely due to regulations like PCI DSS, yet massive amounts of personal data are not. That’s no longer good enough for maintaining customer trust. The types of data breached in this attack put millions of Australians at risk from phishing, social attack and phone scams which can have huge personal anxiety and financial consequences. Modern enterprises can certainly avoid this with a more holistic approach to data security given the availability of tools that can dramatically reduce impact of insiders or advanced attackers even in a total breach situation which is an inevitable and expected scenario for today’s CISO.”

Australia has been very good at investigating stuff like this. Thus I have to assume that the authorities are all over this. Which means we’ll find out how bad this is soon enough.

Leave a Reply

%d bloggers like this: