Optus confirmed yesterday that 2.1 million customers had government identification numbers compromised during a cyberattack last month.
In a press statement released yesterday, the mobile carrier updated the information regarding the personal data of 9.8 million customers exposed during the attack.
In an investigation, Optus confirmed that a total of 2.1 million customers had valid or expired ID document numbers exposed to the hackers.
Of these 2.1 million customers, 1.2 million had at least one number from a current and valid form of identification compromised, and 900,000 had ID numbers exposed but from documents that are now expired.
“Today’s update helps provide more clarity for our customers,” reads the press statement.
“Having worked with government agencies to meticulously analyse the data for the company’s 9.8 million customers, Optus can confirm the exposed information did not contain valid or current document ID numbers for some 7.7 million customers.”
However, all 9.8 million customers had other personal information exposed, including email addresses, date of birth, or phone numbers.
Optus has sent SMS text messages to customers whose ID numbers were compromised in the cyberattack with information on their next steps.
Customers whose driver’s license details were compromised can request a new driver’s license number to prevent identity theft or fraudulent activity.
The threat actor had initially attempted to extort Optus with a $1 million ransom demand not to publish or sell the stolen data.
After not receiving a payment, the hacker leaked the data of 10,000 customers on a hacking forum that included names, addresses, email addresses, phone numbers, and dates of birth.
A few days later, feeling the pressure of law enforcement, the hacker apologized to Optus and its customers and claimed to have deleted all of the stolen data.
However, as there is no way to determine if the hacker actually deleted the data, all Optus users should assume that threat actors may use their data in future fraud or phishing attacks.
Therefore, it is strongly advised to be wary of any emails claiming to be from Optus asking you to provide further information or login into your account.
If you receive an email or SMS text claiming from Optus, directly log in to the company’s site and review any messages there.
Source: www.bleepingcomputer.com