Optus CEO says attack may have been launched from Europe

Optus CEO says attack may have been launched from Europe

Customers will know where they stand 'over the next few days'.

By on

The CEO of SingTel's Australian subsidiary Optus, Kelly Bayer Rosmarin has publicly apologised for a cyber incident that has resulted in an extensive breach of sensitive customer data.

She said early indications are that the attack originated from somewhere in Europe.

“Without saying too much, the IP address kept moving … it’s a sophisticated attack," she said.

"Safe to say it comes out of various countries in Europe.”

She said it is too early for Optus to know whether the attack was launched by a state-based actor or cyber criminals, but confirmed that the Australian Federal Police is investigating.

In response to criticism that customers haven’t yet had direct contact, she explained that after learning of the breach on Wednesday, it was decided “to put a call out to all of our customers to be on alert in the best way that we can" - via media organisations.

Breached customer data could date back as far as 2017.

However, Bayer Rosmarin said Optus “has reason to believe” the attack affected far less than 9.8 million customers.

Emsisoft threat analyst Brett Callow posted on Twitter that he had seen 1.1 million records purportedly from Optus offered for sale on September 17.

“I want to make it clear that [9.8 million] is the absolute worst-case scenario," she said.

"We have reason to believe that the number is actually smaller than that.

“But we are working through reconstructing exactly what the attackers have received."

Bayer Rosmarin would not confirm the accuracy or otherwise of Callow’s tweet: “We are still working to validate that that information is relevant and is even Optus data," she said.

“One of the challenges, when you go public with this sort of information, is you can have lots of people claiming lots of things … there is nothing that's been validated and for sale that we're aware of, but the teams are looking into every possibility."

Optus said it would prioritise contact with customers that had the largest amount of data exposed.

“Over the next few days, all customers will know in what category they fall.”

To reach the editorial team on your feedback, story ideas and pitches, contact them here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
data breach optus security telco

Most Read Articles

Google Cloud database service patched against critical vulnerability

Google Cloud database service patched against critical vulnerability
SMRT Corporation finds new CISO

SMRT Corporation finds new CISO
Singapore public sector saw 178 data breaches in 2021

Singapore public sector saw 178 data breaches in 2021
Zuellig Pharma launches Asia's first healthcare data exchange platform

Zuellig Pharma launches Asia's first healthcare data exchange platform