Significant customer data exposed in attack on Australian telco

Australian telecommunications company Optus has fallen victim to a significant cyberattack and data breach. Coming clean on Thursday, Optus said the attack exposed information including customers' names, dates of birth, phone numbers, email addresses, and - for some - physical addresses, ID document numbers such as driving …

  1. Anonymous Coward
    FAIL

    From the article

    "Those culprits are thought to be either a criminal or state-sponsored organization."

    Well, I never would have guessed /S (just in case)

    1. VoiceOfTruth Silver badge

      Re: From the article

      Yeah, the usual statement copied and pasted from other hacked companies. Translation: our security was not good enough.

  2. An_Old_Dog Silver badge

    Their previous CISO left

    ... possibly, because his recommendations were being ignored by the Board of Directors, and he didn't want to be the scapegoat for the future breach he saw as likely to occur.

  3. Magani
    Flame

    NOT HAPPY, JAN!

    Coming up to 3 days after the data breach was detected by Optus and not a thing from them in either email or SMS.

  4. david 12 Silver badge

    Enough information to open a bank account?

    ??? Opening a bank account in Australia requires presenting physical government photo ID.

    1. Atomic Duetto

      Re: Enough information to open a bank account?

      No, you don’t need photo ID.

      Different documentation types have points/value associated with them. You need 100 pts of doco. One of the document types must be from a “primary” list which is a government product, although it could be any state/territory/federal government including a foreign passport (70pts).

      But if you don’t want your mug shot associated the following is enough. Birth certificate (no photo, 70pts), electricity bill (20pts), phone bill (20pts).

      Many “secondary” doc choices from non govt. orgs are acceptable, eg. banks, etc.

      That said, they have pretty much everybody’s visage already so I imagine Face ID or Instagram could be added to streamline and simplify things, perhaps also create a source of income (jk). We, (EDS) were implementing facial recognition for passports (Aust. Customs) to speed entry way back in 2000. From memory getting Vista to work was a far bigger challenge.

  5. Winkypop Silver badge
    Facepalm

    Wow

    Makes their major competitor, Telstra, look good.

    Yes?

    1. sreynolds

      Re: Wow

      Seriously? Telstra should have been broken up years ago.

      Surprised nobody mentioned the links to Singapore here, as Optus is pretty much a subsidiary of Singtel.

  6. stevestevesteve
    Unhappy

    Optus's positive spin

    I got a notification email from Optus, letting me know the great news that my password and financial information hadn't been leaked.

    They went on to assure me that the compromised details were limited to just my full name, date of birth, email, phone number, residential address, driver license number, and passport number.

  7. This post has been deleted by its author

  8. captain veg Silver badge

    bollox

    "Optus said the attack exposed information including customers' names, dates of birth, phone numbers, email addresses, and - for some - physical addresses, ID document numbers"

    I fail to see how an ISP needs anything more than whatever identifiers their bank requires to ensure monthly payment, which doesn't include, for example, date of birth, phone number and email address*. It most certainly does not include any kind of ID document number.

    -A.

    1. very angry man

      Re: bollox

      yes totally agree.

      but everybody is data gathering, for just simple things you need more personal info than could possibly be needed, it sucks, just stop it now! let me off.

    2. Phil Kingston

      Re: bollox

      I remember a time not long ago when it was deemed suspicious if a user wanted more than 5 SIMs registered. Wouldn't be surprised if that information is collected under the pretence of combating terrorism or some similar overreach - you're right, shouldn't be necessary for Optus themselves.

      And seems is still a thing for activating at least prepaid https://www.acma.gov.au/acmas-rules-id-checks-prepaid-mobiles

  9. Phil Kingston

    Check some of your data

    Worth a read if you want to check some of your data that Optus had: https://whirlpool.net.au/wiki/optus_sept_2022_breach

  10. sysdec

    Op. system ?

    The last time I was working at Optus, in 1996-98, they were still using a lot of rock solid OpenVMS boxes, although quite a few Unix-y boxes seeped in :-/ My guess is that this current breach happened not on an OpenVMS box ( if they still have any, anyone knows ? ).
