Optus says 2.1m customers’ data stolen in cyber attack

Hackers exposed the identity document numbers of 2.1 million people, Australian telco Optus said on Monday in an update on the cyber attack it suffered last month.

That number includes 1.2m customers who Optus has already contacted, among them 10,000 people whose details were briefly leaked on the internet. The other 900,000 exposed documents have already expired, Optus said, and the company is awaiting official confirmation as to whether it needs to take any action on those.

Optus had previously said that up to 9.8m customers' data might have been compromised.

"While the numbers have come down, we are disappointed that even one customer's information could be accessed," said Optus CEO Kelly Bayer Rosmarin in a video posted to the company's website.

The stolen data consisted of driving license and Medicare ID numbers. Optus said no debit or credit card details were stolen in the cyber attack.

The company has hired Deloitte to carry out a forensic review of the attack and determine what went wrong.