Sept 24 (Reuters) - Australia's number two
telecommunications company, Optus, said on Saturday it was
contacting customers about a cyberattack that accessed personal
details of up to 10 million customers, in one of Australia's
biggest cybersecurity breaches.
Chief executive Kelly Bayer Rosmarin said on Friday she was
angry and sorry that an offshore-based entity had broken into
the company's database of customer information, accessing home
addresses, drivers licence and passport numbers of the
equivalent to 40% of Australia's population.
In an update on Saturday, the company, owned by Singapore
Telecommunications Ltd, said it was contacting "all
customers to notify them of the previously announced
cyberattack’s impact, if any, on their personal details".
"We will begin with customers whose ID document number may
have been compromised, all of whom will be notified by today. We
will notify customers who have had no impacts last," it said in
a statement. "No passwords or financial details have been
compromised."
Optus has said corporate customers appeared unaffected by
the "sophisticated" hack, which it initially informed customers
about on Thursday.
The Sydney Morning Herald on Saturday reported Optus was
probing a threat to sell millions of customers’ personal
information online unless the company paid $1 million in
cryptocurrency to the hackers.
Asked about the report, an Australian Federal Police
spokesperson told Reuters that police were aware of reports
alleging stolen Optus customer data and credentials may be being
sold through a number of forums "including the dark web".
Optus said as the attack was under police investigation it
"cannot comment on certain aspects of the incident".
The company, declining to give details of how the attacker
breached its security, has said the attacker's IP address - the
unique identifier of a computer - appeared to move between
countries in Europe.
(Reporting by Sam McKeith; Editing by William Mallard)