A single IT programmer’s mistake could have opened the door to a massive cyber attack on Optus that led to the personal details of up to 10 million customers being stolen.
The breach – the biggest in Australia’s history – is believed to have let hackers access some customers’ passport and driver’s licence numbers, email and home addresses, dates of birth and telephone numbers.
The telco has said its investigators don’t know who is responsible or the reason behind it – with the attack appearing to have come from several European nations at once.
But an Optus insider told the ABC that while the matter is still under investigation ‘this breach, like most, appears to come down to human error’.
‘(Optus) wanted to make integrating systems easier, to satisfy two-factor authentication regulations from the industry watchdog, the Australian Communications and Media Authority (ACMA).’
In the process, the Optus customer identity database may have been opened up to other networks.
This could have allowed hackers outside the company access to the Optus database.
A massive cyber attack on Optus that potentially saw the personal details of up to 10 million customers be stolen could be due to the mistake of an IT programmer
The company’s CEO Kelly Bayer Rosmarin confirmed payment details and account passwords had not been compromised but admitted she felt ‘terrible’ the breach had happened under her watch.
Ms Bayer Rosmarin also revealed that the IP addresses linked to the hackers had moved around various European countries, and that it was a ‘sophisticated’ breach.
That sparked fears a powerful nation – such as Russia or China – or a sophisticated organised group could be to blame.
Nigel Phair, the director for the Institute for Cyber Security, said determining the culprit of a cyber attack was difficult to investigate.
‘It may or may not (have come from Russia or another nation) but one thing I do know is cyber criminals are very good at hiding their tracks,’ he told Daily Mail Australia.
‘It most likely is a group of people but it could be one person or more, they could be together in a room or all over the world.’
Mr Phair added that he believed Optus knew much more than they were letting on, and could be providing more information to customers.
He added those who subscribe to the telco should be ‘very worried’.
‘It’s probably going to be the worst data breach Australia has ever had,’ he said.
The director for the Institute for Cyber Security at UNSW, Nigel Phair, said identifying those behind cyber breaches was one of the hardest things to investigate
‘The amount of data criminals are able to get access to, it’s as bad as it gets.’
While Optus has told customers their passwords were not stolen, Mr Phair pointed out that if hackers had other personal information such as email addresses and dates of birth, they would be able to change the passwords themselves.
The cyber security expert said he believed the attack was likely from a criminal group, who will try to monetise the information any way they can – including selling it on the dark web.
‘Cyber attacks are common but their success is not so common,’ he said.
‘The problem is people affected can’t do much. There’s no one thing that you can do to make yourself more secure.
‘All you can do is be hyper vigilant to anything unusual like text messages or phone calls coming through – really look for the unexpected.’
Optus says it does not know if a state-based actor – such as Russia (Vladimir Putin is pictured above) or China – or a criminal group of hackers were responsible for the attack
WHAT OPTUS HAS SAID ABOUT THE DATA BREACH
How did this happen?
Optus was the victim of a cyberattack. We immediately took action to block the attack which only targeted Optus customer data. Optus’ systems and services, including mobile and home internet, are not affected, and messages and voice calls have not been compromised. Optus services remain safe to use and operate as per normal.
Has the attack been stopped?
Yes. Upon discovering this, Optus immediately shut down the attack.
We are now working with the Australian Cyber Security Centre to mitigate any risks to customers. We have also notified the Australian Federal Police, the Office of the Australian Information Commissioner, and key regulators.
Why did we go to the media first instead of our customers?
The security of our customers and their data is paramount to us. We did this as it was the quickest and most effective way to alert as many current and former customers as possible, so they could be vigilant and monitor for any suspicious activity. We are now in the process of contacting customers who have been impacted directly.
What information of mine may have been exposed?
The information which may have been exposed includes customers’ names, dates of birth, phone numbers, email addresses, and, for a subset of customers, addresses, ID document numbers such as driver’s license or passport numbers. Customers affected will be notified directly of the specific information compromised.
Optus services, including mobile and home internet, are not affected. Messages, voice calls, billing and payments details, and account passwords have not been compromised.
What should I do to protect myself if I suspect I am a victim of fraudulent activity?
We are not currently aware of any customers having suffered harm, but we encourage you to have heightened awareness across your accounts, including:
Look out for any suspicious or unexpected activity across your online accounts, including your bank accounts. Make sure to report any fraudulent activity immediately to the related provider.
Look out for contact from scammers who may have your personal information. This may include suspicious emails, texts, phone calls or messages on social media.
Never click on any links that look suspicious and never provide your passwords, or any personal or financial information.
How do I contact Optus if I believe my account has been compromised?
If you believe your account has been compromised, you can contact us via My Optus App – which remains the safest way to contact Optus or call us on 133 937 for consumer customers. Due to the impact of the cyberattack, wait times may be longer than usual.
If you are a business customer, contact us on 133 343 or your account manager.
How do I know if I have been impacted?
We are in the process of contacting customers who have been directly impacted.
Meanwhile, Ms Bayer Rosmarin said it was too soon to tell if the breach on Optus was a criminal or state-based attack.
‘Obviously I am angry that there are people out there that want to do this to our customers, I’m disappointed we couldn’t have prevented it,’ she said.
‘I’m very sorry and apologetic. It should not have happened.’
The data that was potentially stolen has been dated back to 2017.
Ms Bayer Rosmarin said the reported figure that 9.8million people had had their data breached was the ‘worst case scenario’, and Optus expected the number to be much fewer.
‘It’s a small subset of data, it does not include any financial details, it does not include passwords,’ she said.
The AFP on Friday said they would work with Optus to ‘obtain the crucial information and evidence needed to conduct this complex, criminal investigation.
‘The AFP’s specialist Cyber Command, will work closely with a number of agencies, including the Australian Signals Directorate.’