https://www.theguardian.com/australia-news/live/2022/sep/23/queen-elizabeth-anth...Optus CEO says 9.8 million customers affected by data attack
under 'worst case scenario'
Josh Taylor
Optus customers dating back to 2017 may be caught up in the massive hack of the telco’s customer database, the company’s CEO has revealed.
Kelly Bayer Rosmarin told reporters on a media call on Friday that the company is still not sure exactly how many customers had their personal information – including name, phone number, date of birth and in some cases passport or driver’s licence numbers – compromised in the attack, but that 9.8 million was the “worst case scenario”.
She said:
We have reason to believe that the number is actually smaller than that. But we are working through reconstructing exactly what the attackers have received.
The data goes back to 2017 because under law Optus is required to keep identity verification records for six years. Until Optus determines who is affected, then Optus will be able to directly contact those customers. Bayer Rosmarin said even those customers not directly affected will hear from Optus.
There have been no ransom demands, and Optus has not yet determined whether it was a criminal organisation or state actor attack on the company. She wouldn’t go into detail about how the attack occurred, saying it was “the subject of criminal proceedings”.
The IP address of the attacker “came out of various countries in Europe”, she said.
Bayer Rosmarin said the whole country needed to respond to the attack together:
We don’t yet know who these attackers are and what they want to do with this information, which is why we really need a Team Australia response.
Updated at 11.07 AEST