SOCRadar® Cyber Intelligence Inc. | Optus Confirms Nearly 2.1M Australian Telecom Users’ Data was Exposed  


Oct 05, 2022
3 Mins Read

Optus Confirms Nearly 2.1M Australian Telecom Users’ Data was Exposed  

Optus disclosed a data leak involving nearly 2.1 million customer records. Customers’ personal information, including identification numbers, was revealed. The leak was caused by a data breach confirmed by Optus in late September, during which they were double extorted.

The Australian telecom company contacted Deloitte to initiate an external forensic assessment of the breach to determine how it happened. 

Which Types of Information Are Affected? 

Singtel, the owner company of Optus, issued a media alert to customers, stating that they are working with agencies to resolve the issue and said, “Approximately 1.2 million customers have had at least one number from a current and valid form of identification, and personal information, compromised.” The alert also notes that nearly 900,000 customers’ expired IDs were affected, and some other customers’ exposed data was invalid.

The firm also stated that it has informed users whose identification documents were compromised due to the attack. This contains driver license, card information, and Medicare ID numbers. 

Initial Cause of Data Leak 

On September 22, the threat actor gained unauthorized access to customer information. It’s unclear how or when the actual intrusion occurred. 

Optus stated on September 28 that 14,900 legitimate Medicare IDs and 22,000 expired Medicare card numbers were among the 9.8 million customer details exposed. 

Using the alias optusdata, the attacker uploaded a sample of the stolen data belonging to 10,200 customers and demanded a $1 million payment to prevent further disclosures. It is unknown whether “optusdata” is an individual or a group. 

After feeling the strain of law enforcement, the hacker apologized to Optus and its customers and claimed to have destroyed all the stolen data.

Threat actor's statement about Optus breach
Threat actor’s statement about Optus breach

Indications show that skilled scammers are approaching Optus customers with phishing attacks through phone, email, and text to get further personal information from the victims of the breach. You should log in to the company’s site and check the message if you receive any of these.

Check here for active scamming campaigns related to the Optus data breach

Visit SOCRadar Labs to see if your email accounts have been breached and leaked online.