"We will begin with customers whose ID document number may have been compromised, all of whom will be notified by today. We will notify customers who have had no impacts last," Optus said in a statement. "No passwords or financial details have been compromised."
iTWire previously reported that a data breach occurred last week which affected nine million customers at risk.
Optus CEO Kelly Bayer Rosmarin issued a statement last week and apologised to customers about the security incident.
|
She assured the public that the company is engaging with all relevant authorities and organisations to safeguard customer data as much as possible.
In another update, Optus said the Australian Cyber Security Centre has provided advice to former and current customers who may have been impacted by the incident.
Customers are advised to to contact reputable sources of information such as Moneysmart, ID Care, and Office of the Australian Information Commissioner.
Optus also warned that its email and SMS notifications do not have hyperlinks.
Optus data being advertised?
iTWire reported that a second lot of data claimed to be from Optus has been advertised for sale on a web forum.
One hundred sample records were linked as proof that the data is genuine.
Emsisoft security researcher Brett Callow pointed out in a tweet that account will not sell any data for one week until Optus replies.
The post claimed that the data is from 11.2 million customers. It is demanding millions of dollars to terminate the sale.
iTWire reported that on Friday, Rosmarin did not offer new any information about the data breach, claiming it was "sophisticated."
The second largest telco is coordinating with the Australian Federal Police as the data breach is now treated as a "criminal investigation."
This first appeared in the subscription newsletter CommsWire on 26 September 2022.