Optus customers receive email days after cyberattack


Optus customers are beginning to receive emails notifying them of how much of their personal information was leaked days after the cyberattack.

The attack – which under a “worst case scenario” has compromised the personal data of 9.8 million customers – became known to Optus on Wednesday afternoon but the media was notified of the attack via a press release 24 hours later.

Customers are now beginning to receive communications via email notifying them of the data breach, signed by the telco’s CEO Kelly Bayer Rosmarin.

Email to customer about the Optus cyberattack.
Email to a customer about how much of their data was compromised from Optus. (Supplied)
An email shared with 9news.com.au provided an “urgent update” about a customer’s personal information on Saturday.

“It is with great disappointment I’m writing to let you know that Optus has been a victim of a cyberattack that has resulted in the disclosure of some of your personal information,” the email reads.

“Importantly, no financial information or passwords have been accessed. The information which has been exposed is your name, date of birth, email, phone number, address associated with your account, and the numbers of the ID documents you provided such as drivers licence number or passport number.

“No copies of photo IDs have been affected.”

The telco “apologised unreservedly” and said it was “devastated” the breach had occurred.

“We are working as hard as possible with the relevant authorities and organisations to ensure no harm comes from this unfortunate attack,” the email said.

Optus CEO Kelly Bayer Rosmarin personally apologised to customers following the attack. (Supplied)
It comes as Rosmarin fronted the media on Friday claiming the 24-hour turnaround between the telco finding out about the cyberattack and the media being notified was one of the fastest turnarounds for an incident of this nature.

“We used those 24 hours to shut down unauthorised access and to check there weren’t additional vulnerabilities,” she said.

Optus has received criticism for not notifying customers at the same time the media was alerted to the incident.

The telco has defended its actions to customers, as seen in the email, claiming it was the “quickest and most effective way” to alert them.

Customers are beginning to receive information about their personal information being compromised. (Kate Geraghty)

Now, the extent of the compromise for customers is becoming clear as emails are sent out.

Australian watchdog Scamwatch has warned all Optus customers to be vigilant for unusual activity on their accounts and communications they receive via phone and email.

Image of text message scam impersonating someone's dad.

Text message scam attempts to fool recipient with contact name

For customers who have specific concerns, they can contact Optus via the My Optus App (which remains the safest way to interact with Optus) or by calling 133 937. Optus will not be sending links in any emails or SMS messages.



Source link

Leave a Comment