A massive cyberattack potentially exposing the personal data of millions of Optus customers has highlighted the vulnerability of Australia’s small business community to hackers, industry observers say.
On Thursday, Optus, Australia’s second-largest telco, revealed it had fallen victim to a major cyberattack that exposed sensitive information to unauthorised parties.
“The information which may have been exposed includes customers’ names, dates of birth, phone numbers, email addresses, and, for a subset of customers, addresses, ID document numbers such as driver’s license or passport numbers,” the company said in a statement.
Messages, voice calls, and customer account details, including billing information and passwords, were not compromised in the attack, Optus added.
In a Friday press conference, Optus CEO Kelly Bayer Rosmarin said the “absolute worst case scenario” is that as many as 9.8 million customers were affected, but the company expects the final figure to be lower.
The company said it immediately closed the vulnerability once it was discovered and has launched an investigation into its source: an IP address that appeared to move across Europe during the attack.
“It is too early to determine if the hack was perpetrated by cybercriminals or state-based hackers,” Rosmarin said.
“We don’t yet know who these hackers are or what they want to do with this information,” she said.
Optus is now working with the Australian Federal Police, the Australian Cyber Security Centre, and the Australian Information Commissioner as it chases the source of the attack and works to minimise its fallout.
Small businesses in the crossfire
While Optus confirmed the cyberattack did not reach any enterprise customers’ information, Rosmarin said small business clients, whose personal and business accounts could be one and the same, could be affected.
The cyberattack should serve as something of a wake-up call to Australian small businesses, said Skye Theodorou, co-founder of insurance startup upcover, and a former cybersecurity advisor to the NSW Small Business Commissioner.
“This is really something for business owners and individuals, but business owners particularly, to take very seriously,” she told SmartCompany.
If worst comes to worst, those with access to personal information linked to those Optus accounts could sell those details on the dark web, potentially allowing other criminals to impersonate business owners.
“What that means is that now and into the future, these credentials … can be used by individuals to try and perpetrate identity theft and fraud against you,” she said.
The telco is proactively contacting its most at-risk customers, but Theodorou said customers could consider changing passwords and login details for accounts using the same email address tied to their Optus account.
While Optus has not indicated that any payment details were accessed, Theodorou said the most concerned small business clients could consider imposing online transaction limits on their bank accounts to ward off fraudulent transfers.
For her part, Rosmarin said reducing the cyberattack’s impact on small business clients and individuals alike will require a more holistic approach.
“We don’t have a simple message… just be vigilant,” she said, calling on customers to be “alert to any activity that seems odd or suspicious or out of the ordinary”.