Optus Data Breach Announced, Experts Weigh In

It has been reported that millions of Australians have had their personal details compromised in a major cyberattack on Optus. The telco confirmed the data breach in a statement on Thursday afternoon, revealing up to 9 million Australians could be affected.

Notify of

7 Expert Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Raj Samani
Raj Samani , Chief Scientist and Fellow
InfoSec Expert
September 26, 2022 2:14 pm

The news of the data breach will be of concern to Optus customers, with reports that personal data was stolen by criminals. Personally Identifiable Information (PII) such as names and dates of births, was featured in 41% of data disclosures between April 2020 and February 2022. Stolen PII is extremely valuable to threat actors – being sold on the dark web for a high price or used to commit other crimes, for example, fraud.  Customers should stay vigilant and report any suspicious activity, since the criminals have captured contact data.

Last edited 7 minutes ago by Raj Samani
Erfan Shadabi
Erfan Shadabi , Cybersecurity Expert
InfoSec Expert
September 26, 2022 2:13 pm

Personal data, such as names, addresses, and contact details, are highly coveted by threat actors, which is why companies that store a lot of it are highly susceptible to being targeted. In the cyberattack on Optus, hackers gained access by breaking through the company’s firewall – a measure many companies may feel is enough to protect them. The reliance on firewalls, strong authentication, and passive database encryption to protect data is simply not enough – the data itself must be protected to ensure that when attackers gain access, customer and patient data will remain secure and privacy upheld. Data-centric security, like tokenization, offers the ability to protect the data itself and allows organizations to ensure compliance and security no matter who has access to the data or where it is shared.Optus customers should do what they can to protect against any further compromise by locking down personal credit and other accounts and exercising hyper-vigilance in the days and weeks to come. For Optus, the situation brings up privacy concerns and questions about the level of due diligence they’ve enacted to prevent hacks and data breaches—the outcome, depending on the facts, could include fines, legal action, and of course reputational damage.

Last edited 7 minutes ago by Erfan Shadabi
Chris Hauk
Chris Hauk , Consumer Privacy Champion
InfoSec Expert
September 26, 2022 2:13 pm

As this data breach included Optus customers’ names, dates of birth, phone numbers, email addresses and, for many, physical addresses and identification document numbers, including driving licence or passport numbers, Optus customers must take extra steps to protect their privacy and accounts.In addition to being alert for the usual phishing emails and text messages that result from breaches like this, users will want to closely monitor their financial and credit accounts, placing a freeze on new accounts. I would also urge affected customers to get a new driver’s license and passport. (Hopefully a system for this is in place in Australia.)

Last edited 8 minutes ago by Chris Hauk
Phillip.ivancic , APAC Head of Solutions Strategy
InfoSec Expert
September 23, 2022 1:30 pm

The Optus breach reinforces the complexity of cyber-security as well as the need for organisations to adopt continuous vigilance and assessment. From the little we know so far, it looks like the hardworking Optus IT Security teams should be commended for their swift actions. The fact their CEO, Kelly Bayer Rosmarin, was able to provide initial details and a public statement seemingly within hours on a national public holiday means that Optus must have a well-established, and well-practiced, Incident Response Plan.

The early reports indicate that the breach was picked up as a part of their continuous assessment framework another example of important and multi-layered defences.

Last edited 3 days ago by phillip.ivancic
Dan Davies
Dan Davies , CTO
InfoSec Expert
September 23, 2022 1:24 pm

The recent cyber-attack on Optus has exposed sensitive information for potentially millions of customers. Although the telco acted fast in responding, it was too late to protect personal data. After four significant breaches just this week, business leaders should take heed and implement the correct tools to protect their systems. It is imperative organisations put in place and update their security infrastructure constantly, as one chink in the armour could lead to a killer blow for the entire organisation. “With the corporate communication channels and the jump in their use due to the pandemic, businesses are grappling with how to secure their networks. Cyber criminals have built an impressive arsenal of weapons over recent years. Consequently, the job is only getting harder for businesses.

Last edited 3 days ago by Dan Davies
Information Security Buzz
Would love your thoughts, please comment.x