>
Cybersecurity experts say Optus customers should watch out for criminals impersonating them online and conduct regular credit checks after hackers gain access to the telecom giant’s database.
Thursday’s massive cyber breach gave hackers access to personal information, such as passport and driver’s license numbers, email and home addresses, dates of birth and phone numbers, of about 10 million Australians.
Alastair MacGibbon, chief strategy officer at cybersecurity firm CberCX and a former adviser to the prime minister, says Optus customers should beware.
Nearly 10 million Optus customers have had personal data stolen in what is considered one of the largest cyberattacks in Australian history
“Personal information has been stolen,” he told ABC.
‘A lot of personal information for several million people and a little less information for about 6 million more.
“They should see if criminals impersonate them, or steal their identities, try to get credit in their name…etc.”
He said Optus can protect their customers’ interests by paying for credit monitoring.
“That way you will be checked by credit monitoring services if someone has used your name and other details to get credit,” Mr MacGibbon said.
Chief strategy officer at cybersecurity firm CberCX Alastair MacGibbon has warned Optus customers they can impersonate criminals
The cyber expert warned that the personal information collected by a large organization is “potentially valuable to criminals.”
“If you collect a lot of information, it’s more valuable, so any company that collects a lot of information is at risk of these kinds of incidents happening,” he said.
“Looks like this is about stealing customer data.”
A former national security adviser agreed, telling Radio National that any Australian affected by the Optus hack should start carrying out credit checks.
He said customers should ask Optus to cover the costs, stressing that the 3 million who stole the most data should “certainly” start doing it.
Mr MacGibbon said the Optus breach may not be the work of a sophisticated group of hackers
Optus chief executive Kelly Rosmarin says company is working with Australian federal police to investigate attack
Optus is now investigating the full extent of access to information and how much was stolen and how it happened.
“Clearly there is a lot of communication with stakeholders, including government agencies, that they will have to respond to as to how this happened,” said Mr MacGibbon.
“They will of course have to report this to the Privacy Commissioner, who has been legislation for several years and they will work closely with law enforcement agencies and the Australian Cyber-Security Centre.”
After breaching Optus’ firewall, hackers reportedly stole 2.8 million customers’ passport and driver’s license numbers, email addresses, birth dates and phone numbers after allegedly exploiting a weakness in the company’s firewall.
The remaining 7 million had their dates of birth, email addresses and phone numbers stolen.
Optus may have hired credit guards to ensure their customers are not impersonated by criminals
Optus chief executive Kelly Rosmarin said the company was working with the Australian Federal Police to investigate the attack.
“We are devastated to learn that we have been the victims of a cyber attack that resulted in the disclosure of our customers’ personal information to someone who should not see it,” she said in a statement.
“As soon as we knew, we took action to block the attack and immediately launched an investigation. While not everyone may be affected and our investigation is not yet complete, we want all of our customers to be aware of what happened as soon as possible so they can increase their vigilance.
“We are very sorry and we understand that customers will be concerned. Rest assured that we are working hard and collaborating with all relevant authorities and organizations to help protect our customers as much as possible.”
Mobile internet and internet at home, as well as messages and voice calls are not affected
She said customers’ payment details had not been compromised, but advised them to check their bank accounts for suspicious activity.
‘Optus has also informed important financial institutions about this. While we are not aware of customers who have been harmed, we encourage customers to raise awareness about their accounts, for example by looking for unusual or fraudulent activity and reports that appear strange or suspicious.”
Mobile internet and internet at home, as well as messages and voice calls are not affected.
Both past and current Optus customers have been affected.