According to an update from Optus, 2.1 million of the 9.8 million current and past customers whose data was exposed had at least one portion of an identification document, such as a license or passport number, accessed. In addition to personal data such as name, address, and date of birth, a current and legitimate form of identification was compromised for around 1.2 million people.
For the remaining 900,000 users, the breach compromised an out-of-date ID. Optus stated that it has contacted all of the affected individuals and instructed them on the steps to take so as to minimize the damage done by this hack. Optus has also promised to reimburse victims the cost of passport replacement.
The company has encouraged the remaining 7.7 million consumers to be cautious. Even though their identification documents were not stolen, the breach disclosed information such as email addresses, birth dates and phone numbers.
“We are disappointed that even one customer’s information could be accessed, and we are deeply, deeply sorry that this could occur, especially because we genuinely care about safeguarding our customers’ information and we invest millions of dollars and have teams of people whose job it is to prevent something like this from happening,” said Chief Executive Officer of Optus, Bayer Rosmarin.
According to the CEO, federal authorities are investigating a post on an Internet forum claiming to have published 10,000 customer records from the recent data breach, and threatening to reveal more personal information until a $1 million ransom has been paid. The message was later removed, along with the writer’s assertion that they had erased the data and would not sell it to anybody. The hacker also apologized to impacted customers and Optus. Email addresses from the Department of Defense and the Prime Minister and Cabinet’s Office were also leaked in this post.
The company has engaged the services of the consulting company Deloitte to conduct an unbiased external examination of the most recent data breach, which exposed the personal information of nearly 20% of Optus customers.