The 9.8 million subscribers affected by the data breach have 1.2 million valid forms of identity. According to the Singtel-owned Australian operator, who also said that Deloitte has been hired to look into the hack’s causes.

According to Optus, 1.2 million users with at least one form of legitimate and current identification number were impacted by the most recent data breach. Deloitte has also been hired by the Australian mobile operator to oversee an investigation into the cybersecurity problem. This includes how it happened and how it might have been avoided.

In a statement released on Monday, Optus stated that the telco’s security systems, controls, and procedures will be covered by Deloitte’s independent external examination of the breach. The business’s parent company Singtel, which has been “closely watching” the issue, supported the action, it added.

Optus CEO Kelly Bayer Rosmarin further on Deloitte’s forensic analysis, saying: “By reviewing it. We can make sure we comprehend what happened and how to avoid it from happening again. It will assist in guiding Optus’s response to the situation. Others in the public and corporate sectors that deal with sensitive data and are vulnerable to cyberattacks can also benefit from this.

Optus said that it has collaborated with over 20 government entities to assess the scope of the data leak.

The Australian operator reported that, out of its 9.8 million total users, 1.2 million had at least one number from a current and valid form of personal identity information that was compromised in the attack. Optus claimed that it has been in touch with these clients and advised them to update their identification documents.

The Main Thing

In addition to personal information, the data of an additional 900,000 clients included numbers linked to out-of-date identification cards that were also hacked. Optus stated it collaborates with government organizations to determine what, if any, additional actions should be taken for these customers. The telco continued by saying that it had informed these consumers of the theft of their ID documents.

The remaining 7.7 million customers’ compromised data included email addresses, birth dates, and phone numbers. But did not include legitimate or current identity numbers. Optus advised these consumers to “be watchful.”

The telecom announced on Sunday that it has issued SMS or email warnings to consumers in six states, including New South Wales. The Medicare card numbers were disclosed along with clients whose driver’s licenses and card numbers were compromised.

It continued collaborating with the Queensland and Victoria state governments to find clients whose driver’s license information had been compromised.

14,900 Medicare identity numbers that were compromised in the hack, according to Optus, were still valid and active. There were 22,000 more clients with invalid Medicare card numbers. These clients had all received notification.

Multiple local sources point to an online API (application programming interface) that allegedly did not require authentication or authorization for client data to be accessed. However, the telco has yet to offer information on how the hack occurred or what systems were breached.

Clare O’Neil, Australia’s Minister of Home Affairs, criticized Optus last week for the breach: “It wasn’t a well-planned attack that occurred at Optus. This nation shouldn’t have a telecom provider who essentially left the door open for data theft of this kind. They are at fault. The cyberattack that was conducted here wasn’t extremely difficult technologically.”

The Final Word

The data leak, according to Australian Prime Minister Anthony Albanese, also highlights the necessity of updating the nation’s cybersecurity regulations. We are aware that this breach was entirely avoidable, Albanese stated. After a decade of inaction, clearly, we need better national regulations to manage the enormous quantity of data that firms are collecting about Australians. And clear repercussions for when they do not manage it well.