A single mistake by a computer programmer could have opened the door to a massive cyber attack on Optus, which led to the theft of the personal data of up to 10 million customers.
The breach – the largest in Australia’s history – would have given hackers access to passport and driving license numbers, email and home addresses, dates of birth and phone numbers of some customers.
The telecom operator said its investigators did not know who was responsible for the attack or the reason for it – the hack appearing to come from several European countries at once.
But an Optus insider told the ABC that while the matter is still under investigation, “this breach, like most, appears to be due to human error.”
“(Optus) wanted to make it easier to integrate the systems, in order to meet the two-factor authentication regulations of the industry watchdog, the Australian Communications and Media Authority (ACMA),” the company insider said.
In the process, Optus’ customer identity database may have been opened up to other networks. This could have allowed hackers outside the company to access the Optus database.
Optus called ABC’s report “inaccurate.”
Company CEO Kelly Bayer Rosmarin confirmed that payment details and account passwords had not been compromised, but admitted she felt ‘terrible’ that the breach happened under her supervision.
Ms Bayer Rosmarin also revealed that the IP addresses linked to the hackers had moved to different European countries. This has raised fears that a powerful nation – such as Russia or China – or a sophisticated organized group may be to blame.
Nigel Phair, director of the Institute for Cyber Security, said it was difficult to identify the culprit of a cyberattack.
“He may be from Russia or another country or not, but one thing I know is that cybercriminals are very good at covering their tracks,” he told Daily Mail Australia.
“It’s most likely a group of people, but it could be one person or many, they could be together in a room or all over the world.”
Australian Federal Police are investigating.
Mr Phair added that he believed Optus knew a lot more than it was letting on and could provide more information to customers.
He added that those who subscribe to the telco should be “very concerned”.
“This will probably be the worst data breach Australia has ever seen,” he said.
The director of the UNSW Institute for Cybersecurity, Nigel Phair, said identifying perpetrators of cyber breaches was one of the hardest things to investigate.
“The amount of data that criminals can access is as bad as it gets.”
While Optus told customers their passwords had not been stolen, Mr Phair pointed out that if hackers had other personal information such as email addresses and dates of birth, they could change the passwords themselves.
The cybersecurity expert said he believes the attack likely came from a criminal group, who will try to monetize the information in any way possible, including selling it on the dark web.
“Cyberattacks are common, but their success is not that common,” he said.
“The problem is that those affected cannot do much. There is nothing you can do to make yourself more secure.
“All you can do is be hyper-vigilant about anything unusual, like text messages or phone calls, really look for the unexpected.”
Optus says it doesn’t know if a state actor – like Russia or China – or a criminal group of hackers was responsible for the attack.
WHAT OPTUS SAID ABOUT THE DATA BREACH
How did it happen?
Optus has been the victim of a cyberattack. We immediately took action to block the attack which only targeted Optus customer data. Optus systems and services, including mobile and home Internet, are unaffected, and messages and voice calls were not compromised. Optus services remain safe to use and operate normally.
Was the attack stopped?
Yes. Upon discovering this, Optus immediately stopped the attack.
We are now working with the Australian Cyber Security Centre to mitigate risk to customers. We have also notified the Australian Federal Police, the Australian Information Commissioner’s Office and key regulators.
Why did we approach the media first rather than our customers?
The security of our customers and their data is paramount to us. We did this because it was the fastest and most efficient way to alert as many current and former customers as possible, so they could be vigilant and watch for suspicious activity. We are now in the process of contacting customers who have been directly affected.
What information of mine may have been exposed?
Information that may have been exposed includes customers’ names, dates of birth, phone numbers, email addresses and, for a subset of customers, addresses and identification document numbers such as driver’s license or passport numbers. Affected customers will be notified directly of the specific information compromised.
Optus services, including mobile and home internet, are not affected. Messages, voice calls, billing and payment details, and account passwords were not compromised.
What should I do to protect myself if I suspect that I am the victim of fraudulent activity?
We are not currently aware of any customers who have suffered harm, but we encourage you to exercise increased vigilance in all of your accounts, including:
Be on the lookout for suspicious or unexpected activity in your online accounts, including your bank accounts. Be sure to immediately report any fraudulent activity to the relevant provider.
Be careful of contact from scammers who might have your personal information. This can be emails, text messages, phone calls or suspicious messages on social networks.
Never click on links that look suspicious and never provide your passwords or any personal or financial information.
How do I contact Optus if I think my account has been compromised?
If you believe your account has been compromised, you can contact us through the My Optus app – which remains the safest way to contact Optus – or call us on 133 937 for retail customers. Due to the impact of the cyberattack, waiting times may be longer than usual.
If you are a professional customer, contact us on 133 343 or your account manager.
How do I know if I have been impacted?
We are in the process of contacting customers who have been directly impacted.
Meanwhile, Ms Bayer Rosmarin said it was too early to say whether the Optus breach was a criminal or state attack.
“Obviously I’m angry that there are people who want to do this to our customers, I’m disappointed we couldn’t prevent it,” she said.
“I’m so sorry and sorry. This shouldn’t have happened.”
The potentially stolen data dates back to 2017.
Ms Bayer Rosmarin said the reported figure of 9.8 million people having had their data breached was the “worst-case scenario”, and Optus expected that number to be much lower.
“It’s a small subset of data, it doesn’t include any financial details, it doesn’t include passwords,” she said.
AFP said on Friday it would work with Optus to “obtain the crucial information and evidence needed to conduct this complex criminal investigation.”
“AFP’s specialist Cyber Command will work closely with a number of agencies, including the Australian Directorate of Signals.”