Posted on October 6, 2022 at 7:29 PM
Optus has said that 2.1 million customers had their government identification numbers compromised. The numbers were compromised through a cybersecurity attack that happened last month.
Optus says 2.1 million customer ID numbers were exposed
Optus revealed these details yesterday through a press release. The company updated its account of the data breach, saying that 9.8 million customers were affected by the attack.
Optus conducted an investigation in which it said that 2.1 million customers had valid and expired ID document numbers breached by the hackers. Out of these 2.1 million customers, 1.2 million had at least one number from a current and valid form of identification document compromised.
Moreover, 900,000 customers had their ID numbers exposed, but the documents whose details were exposed have since expired. The company released a press statement saying that the update conducted today would help provide more clarity for the customers.
“Having worked with government agencies to meticulously analyze the data for the company’s 0.8 million customers, Optus can confirm the exposed information did not contain valid or current document ID numbers for some 7.7 million customers,” the company said.
Nevertheless, all 9.8 million customers had other personal information exposed in the breach. This information includes email addresses, phone numbers, and dates of birth.
Optus has already alerted the customers whose personal details were affected by the attack, including those whose ID numbers were compromised. The alerts were sent as SMS text messages, which also told customers the next steps they needed to follow.
Customers whose driver’s license details were accessed by hackers have been recommended to request a new driver’s license number to prevent cases of identity theft and fraudulent activity.
The attackers exploited Optus with the objective of a ransomware attack. The company said that the attackers had tried to blackmail Optus by demanding $1 million in exchange for not publishing or selling the data stolen from the platform. However, Optus did not give in to the demand and did not make the requested payment.
After the payment was not made, the hacker leaked data belonging to 10,000 customers on a hacking forum. The data that the hacker exposed includes addresses, names, email addresses, and dates of birth.
Rather than pay, Optus reported the matter to law enforcement, informing them that customer details had been accessed by a hacker trying to exploit the company. After a few days, the attackers seemed scared of the building pressure from law enforcement authorities.
Users alerted of a phishing campaign
The hacker apologized to Optus and its customers and also claimed to have deleted the stolen data. While this could be true, the claim could also be false: the data might not have been deleted, and could instead be sold on hacking forums or used to conduct phishing campaigns.
There is no way of determining whether the hacker deleted the data, so Optus customers need to assume that it is still exposed. The data could be used in the future to conduct fraudulent activities and phishing campaigns.
Therefore, users have been advised to look out for any emails purporting to originate from Optus. Phishing campaigns typically use stolen data to dupe users into following malicious links or providing further details that can be used to launch further attacks.
Phishing emails are easy to spot. Users can recognize them because they ask the recipient to provide further personal information or to log in to their account. When users follow the prompts, the hacker can take control of their account.
One of the recommendations given to users is that if they receive an email claiming to originate from Optus, they should directly log in to the company’s website and check if any messages have been sent there.
In most instances, when the company sends an email, it also posts a notification or message on the site carrying the same information as the email. Therefore, emails not accompanied by a message on the site are most likely sent by an attacker conducting a phishing campaign. Phishing attacks have been increasingly popular in the past.