So far, this is what we know about the Optus hack and what customers should do about it.
What’s going on?
On Wednesday, an attack on Optus’s computer systems was found. Hackers got the names, addresses, phone numbers, and email addresses of up to 9.8 million people. For a smaller group, they also got their driver’s license numbers and passport numbers. Optus thinks that the real number of people whose information has been stolen is much lower.
Thursday afternoon, people found out about the hack. The hackers are no longer able to get in, but it is still not clear how much information was taken and why.
What does Optus plan to do?
Its CEO, Kelly Bayer Rosmarin, has apologized to customers and said that the attack “devastated” her. The Australian Federal Police and the Australian Cyber Security Centre, which is a government agency that works with the best online spies in the country, are looking into it. Banks and privacy regulators have also been told about this. Optus customers can no longer swap SIM cards, replace them, or change who owns them online. As a safety measure against fraud, they can only be done in store.
Should Optus customers change their credit card information or passwords?
Optus hasn’t found any signs that passwords or financial information were stolen. Instead, users should be on the lookout for requests to change these details from people they don’t know. This could be a sign that someone is impersonating them with stolen information.
What should people do?
Careful. Watch out for offers, customer service calls, or even warnings about scams that ask for approvals or passwords. Even if they use your real name or phone number and seem to come from a company that isn’t Optus, they could be using information from the hack. Verify any messages by calling the company that seems to have sent them on your own. Don’t click on links that look sketchy. Don’t tell anyone your passwords.
Optus has told people that it won’t send links in SMS messages.
Since I’m a customer but haven’t heard from Optus, does that mean I haven’t been affected?
No. Optus said that it is first contacting people who are at “high risk” and that it will contact everyone else “over the next few days.” It has to look through millions of customer records to figure out who had what information taken and from whom.
I used to be an Optus customer, but I’m not one now. Am I safe?
No, I’m afraid not. Customers who used the service between 2017 and now were affected by the breach.
Has any of the stolen information been made public?
We don’t know of any. In situations like this, it is common for companies to get a ransom demand before information is released, but there is no evidence that this has happened.
Who did the hacking?
Optus CEO Kelly Bayer Rosmarin said on Friday that the hackers changed their Internet addresses to hide their identities, but “it’s safe to say that it comes from different countries in Europe.”
I’m with Amaysim, which is another phone company that Optus owns, or I use Optus’ business services. Am I at risk?
No. Optus has said that the data on Amaysim has not been hacked. It has also said that “this cyberattack does not affect the platforms and services that support wholesale, satellite, and enterprise users.” Optus’s services are still safe to use and work as usual.”
Are Optus’s mobile phone and broadband networks up and running?
Yes, these systems are still online and working as they should. The company has said that they were not hacked and that using them is safe.
I want to talk to Optus to get help or find out more.
Because of the attack, the company has warned that wait times may be longer than usual. However, customers can call 133 937 or use the My Optus app to get in touch with Optus. Call 133 343 if you are a business.