iTnews Asia
  • Home
  • News
  • Security

Optus CEO says attack may have been launched from Europe

Optus CEO says attack may have been launched from Europe

Customers will know where they stand 'over the next few days'.

By Richard Chirgwin on Sep 23, 2022 11:25AM

The CEO of SingTel's Australian subsidiary Optus, Kelly Bayer Rosmarin has publicly apologised for a cyber incident that has resulted in an extensive breach of sensitive customer data.

She said early indications are that the attack originated from somewhere in Europe.

“Without saying too much, the IP address kept moving … it’s a sophisticated attack," she said.

"Safe to say it comes out of various countries in Europe.”

She said it is too early for Optus to know whether the attack was launched by a state-based actor or cyber criminals, but confirmed that the Australian Federal Police is investigating.

In response to criticism that customers haven’t yet had direct contact, she explained that after learning of the breach on Wednesday, it was decided “to put a call out to all of our customers to be on alert in the best way that we can" - via media organisations.

Breached customer data could date back as far as 2017.

However, Bayer Rosmarin said Optus “has reason to believe” the attack affected far less than 9.8 million customers.

Emsisoft threat analyst Brett Callow posted on Twitter that he had seen 1.1 million records purportedly from Optus offered for sale on September 17.

“I want to make it clear that [9.8 million] is the absolute worst-case scenario," she said.

"We have reason to believe that the number is actually smaller than that.

“But we are working through reconstructing exactly what the attackers have received."

Bayer Rosmarin would not confirm the accuracy or otherwise of Callow’s tweet: “We are still working to validate that that information is relevant and is even Optus data," she said.

“One of the challenges, when you go public with this sort of information, is you can have lots of people claiming lots of things … there is nothing that's been validated and for sale that we're aware of, but the teams are looking into every possibility."

Optus said it would prioritise contact with customers that had the largest amount of data exposed.

“Over the next few days, all customers will know in what category they fall.”

To reach the editorial team on your feedback, story ideas and pitches, contact them here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
data breach optus security telco

Related Articles

  • Your organisation’s physical security can be a gateway for cybercriminals
  • The best way to outsmart your threat actors is to think like one
  • SB Finance partners PLDT Enterprise to modernise infrastructure
  • Singapore’s OSTIn and IMDA to develop hybrid satellite-terrestrial networks
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Your organisation’s physical security can be a gateway for cybercriminals

Your organisation’s physical security can be a gateway for cybercriminals
The best way to outsmart your threat actors is to think like one

The best way to outsmart your threat actors is to think like one
Malaysia's Maxis Berhad investigates claims on alleged data breach

Malaysia's Maxis Berhad investigates claims on alleged data breach
Malaysia ramps up cyber security defense to stem rising fraud and ransomware attacks

Malaysia ramps up cyber security defense to stem rising fraud and ransomware attacks
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of Lighthouse Independent Media's Privacy Policy and Terms & Conditions.