Optus revealed it had been hit by a cyberattack which resulted in unauthorised access of current and former customers’ information, including names, birth dates, confidential ID documents and email addresses.
In a statement, the Australian subsidiary of Singtel explained it had immediately halted the violation and was working with the Australian Cyber Security Centre to mitigate any risks to customers.
It also notified police and key regulators.
Information which may have been exposed includes personal details such as phone numbers, while a subset of customers also had their addresses and ID document numbers compromised.
The company said payment details and account passwords had not been exposed and its mobile and internet services remained running as normal.
Optus CEO Kelly Bayer Rosmarin sait it was “devastated” by the attack and immediately took action to block it and investigate.
“While not everyone may be affected and our investigation is not yet complete, we want all of our customers to be aware of what has happened as soon as possible so that they can increase their vigilance,” she added.
The Sydney Morning Herald reported up to 9 million customers had been affected.