Australian telecoms company hit by massive cyber attack

Australia’s second-largest telecoms company, Optus, has been hit by a cyber attack that exposed customers' names, dates of birth, phone numbers and email addresses.

In some cases the driving license numbers, passport details and mailing addresses were also exposed.

Optus says payment data and account passwords were not compromised.

The company notified the Australian Federal Police after noticing "unusual activity". It said it is working with the Australian Cyber Security Centre to investigate the hack and mitigate risks to customers.

The company could not say how many of its approximately 10 million subscribers in Australia had been compromised, but its chief executive, Kelly Bayer Rosmarin, said the number was “significant”.

In a statement to media, Rosmarin, said:

“Optus has also notified key financial institutions about this matter. While we are not aware of customers having suffered any harm, we encourage customers to have heightened awareness across their accounts, including looking out for unusual or fraudulent activity and any notifications which seem odd or suspicious.”

For customers believed to have heightened risk, Optus said it will undertake proactive personal notifications and offer expert third-party monitoring services.

Optus services, including mobile and home internet, are not affected, and messages and voice calls have not been compromised.

This is not the first time that Optus has been involved in serious privacy incidents. In 2013, Optus accidentally published the names, addresses, and mobile phone numbers of 122,000 customers without their consent.

In a 2008 incident, the company left open the management ports of Netgear and Cisco Systems modems to facilitate remote access, leaving customers who did not change the default administrative passwords on the appliances vulnerable to potential hacks.