Optus customers have been informed of a cyberattack that may have compromised current and former customers' information.
Information that may have been exposed includes customers' names, dates of birth, phone numbers, email addresses, and, for a subset of customers, addresses and ID document numbers such as driver's licence or passport numbers. Payment details and account passwords were not found to have been compromised as part of the attack.
The company says that it immediately shut down the attack and is working with the Australian Cyber Security Centre to mitigate any further risks to customers.
Other parties that have been notified include the Australian Federal Police, the Office of the Australian Information Commissioner and other key regulators.
"We are devastated to discover that we have been subject to a cyberattack that has resulted in the disclosure of our customers' personal information to someone who shouldn't see it," says Kelly Bayer Rosmarin, Optus CEO.
"As soon as we knew, we took action to block the attack and began an immediate investigation. While not everyone may be affected and our investigation is not yet complete, we want all of our customers to be aware of what has happened as soon as possible so that they can increase their vigilance."
Rosmarin further stressed that the company is continuing to engage with authorities to ensure the safety of customer data as the situation evolves.
"We are very sorry and understand customers will be concerned. Please be assured that we are working hard, and engaging with all the relevant authorities and organisations, to help safeguard our customers as much as possible."
The problem is thought to lie mainly in the customer database, and Optus services, including mobile and home internet, are said not to be affected.
The company also stressed that messages and voice calls have not been compromised and that Optus services remain safe to use and operate as per normal.
Optus says it encourages customers to be vigilant for possible fraudulent activity resulting from the breach and that it is working to prevent and mitigate potential harm.
"Optus has also notified key financial institutions about this matter," says Rosmarin.
"While we are not aware of customers having suffered any harm, we encourage customers to have heightened awareness across their accounts, including looking out for unusual or fraudulent activity and any notifications which seem odd or suspicious."
Optus has said it will undertake proactive personal notifications and offer further expert third-party monitoring services for customers believed to have heightened risk.