What to do if you’re an Optus customer: Passport, driver’s licence numbers stolen in massive hack

A cyber expert has questioned Optus’ decision to hold onto its customers’ sensitive and personal data, as it’s revealed passport and driver’s licence numbers were among the information stolen in a massive hacking incident.

Optus chief executive Kelly Bayer-Rosmarin apologised for the cyber intrusion in a conference call with reporters on Friday, saying “it should not have happened”.

“I’m disappointed that we couldn’t prevent it,” she said.

“It undermines all the great work we’ve been doing to be a pioneer in this industry, be a challenger, and create new and wonderful experiences for our customers. I’m really sorry.”

The cyber breach could have wide-reaching consequences for both private and small business customers, Ms Bayer-Rosmarin acknowledged.

In an “absolute worst-case scenario”, 9.8 million customers were affected, although Ms Bayer-Rosmarin cautioned that authorities were still investigating the breach and the full impact wasn’t yet known.

Unconfirmed screengrabs from a dark web hacker forum show cyber criminals claiming to have access to 1 million Optus phone numbers.

Ms Bayer-Rosmarin urged customers to be on the watch for suspicious contacts in the near future, fearing bad actors who access the stolen data could use it to place scam calls.

“What customers can do is just be vigilant,” she said.

“It really is about increased vigilance, and being alert to any activity that seems suspicious or odd, or out of the ordinary.

“If somebody calls you and says they want to connect to your computer, and says to give them your password or let them in, don’t allow that to occur.”

She said passwords and financial details had not been compromised, however other sensitive information had been pilfered.

“We do hold a reference to the identification information, whether it’s the driver’s licence number or passport number. That’s the field that’s been compromised,” she said.

“I again want to reassure people that they have not got images of any of those documents, nor any bank details or passwords.”

Brett Callow, threat analyst with the cyber security firm Emsisoft, said companies should do what they can to minimise the collection of personal data.

“Generally speaking, it’s good practice for companies to collect only information that they absolutely need to collect and to retain it for no longer than necessary – in fact, this is a legal requirement in Europe,” he said.

“Minimising the amount of data that is held in this way can obviously help to reduce the number of individuals who are impacted when companies get breached.

“And, really, why should companies hold onto information that they don’t need anyway?”

Ms Bayer-Rosmarin said there was a simple explanation.

“The reason that we hold onto customer data for a period of time is that it is the law,” she said.

“We have to be able to go back in our records for six years and so we do keep all the information for the required length of time.”

Customers who have been affected will be contacted by Optus in the coming days.

Originally published as What to do if you are affected by Optus cyberattack
