QUOTE: Hackers have breached Optus’ systems in one of the largest cyberattacks in Australian history, accessing names, dates of birth, phone numbers, email addresses, physical addresses and driver’s licence numbers of millions of the telecommunications giant’s customers.

Well-placed sources not authorised to speak publicly said that up to 9 million customers had been affected. Many had their contact details exposed to the hackers, who also pilfered even more sensitive details, such as passport and drivers’ licence numbers, for a smaller portion of Optus customers.

. . .

“Unfortunately, we became aware late yesterday that there was an unusual activity [on our network] that was a cyberattack,” Bayer Rosmarin said on the ABC. “We’re still really in the throes of investigating exactly what information has been accessed and working with all the authorities and others to try and determine who has access to them for what purpose.”

Unfortunate she says. Floptus system management incompetence I'd say.

https://www.smh.com.au/technology/customer-data-exposed-in-major-optus-hack-20220922-p5bk7v.html

This sort of thing is attempted more then you realise. Why do you think the banks have so many outages.
The optus one even though it was serious was quickly reported.

The optus one even though it was serious was quickly reported.

All and any such hacks must, by law, be reported promptly: https://www.oaic.gov.au/privacy/notifiable-data-breaches/report-a-data-breach

I would put bank outages down to screwed-up software and/or hardware upgrades.

Here we go:

QUOTE: Preliminary investigations by Optus suggest an error by an IT programmer may have inadvertently allowed cyber criminals to steal personal details of potentially millions of customers.

. . .

The process allegedly involved opening up the Optus customer identity database to other systems via what's known as an Application Programming Interface, with the assumption that the API would only be used by authorised company systems.

"Eventually one of the networks it was exposed to was a test network which happened to have internet access."

This allowed access to the Optus network from outside the company.

Management incompetence. This is a 1 billion dollar organisation, not a mum and dad operation. No way that management can escape responsibility for this. As the saying goes: There are no bad troops. There are only bad leaders.

https://www.abc.net.au/news/2022-09-23/optus-hack-likely-result-of-human-error/101468846

The bottom line is, that regardless of the law and associated penalties, there is no such thing as a hack-proof computer system. Where ever there is a lock, there is a key to open it or someone who knows how to pick the lock. It can be mechanica, electrical or built on computer logic - all locks are the same.

Optus will likely face fines of millions for this, once the investigation is done and dusted. The laws aren't really in place to cover events like this, they were originally intended to cover companies that adopt a completely cavalier approach to IT security. That said, the law does apply equally, regardless of intent. All blue chip companies cop attacks around the clock on their IT systems. It just comes with the territory.

In the case of this site, the registration form doesn't ask for the kinds of details that have been subject to Optus' attack. I've always felt that it would be pointless to request information that I do not need for the running of this site, which means the site doesn't ask for it. Unfortunately, a telephone company doesn't have that luxury and needs to know the usual customer details, often including credit card numbers and proof of age. These, along with real names, are what hackers can sell.

‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾
A valve a day keeps the transistor away...

companies that adopt a completely cavalier approach to IT security.

Whenever there's a such screw-up -- in this case apparently opening up the system to outside access -- there's typically a failure to plan for and/or carry out effective risk management, which is one of the key responsibilities of project/security managers. There's simply no excuse for this.

I've always said that the last job I would ever want is to be an IT manager anywhere, large or small. They wouldn't always get a good night's sleep. The problem is, unless one's staff are really on top of their game at all times, intrusions into systems won't be seen until it is too late and often, a hack doesn't get detected until staff discover an anomaly down the track which means the damage has been done and the dollars made well and truly by then.

‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾‾
A valve a day keeps the transistor away...

According to an Optus source the reason driver's licence and/or passport details are kept is that it is a regulation to keep them for 6 years. On that basis my licence details should not have been compromised - did not use my passport details. So went in to Optus shop to check up on this and sure enough they did not have my driver's licence details on file.
So that only leaves the name/address/birthdate/phone number details to be concerned about - no small thing. No notification yet but one of my daughters has been notified that these details are compromised for her- so maybe I am OK - fingers crossed.

QUOTE: The news [of the cyber attack] comes after it was revealed Optus argued against changing privacy laws to give Australians more rights over their data two years before losing the personal information of customers from as far back as 2017.
. . .

The Singaporean-owned telco giant more than once opposed proposed changes to the Privacy Act that would have given customers the right to request their data be destroyed.

https://www.dailytelegraph.com.au/technology/online/optus-opposed-giving-australians-more-rights-over-their-own-data-before-cyberattack/news-story/582533e616c28168bbb82bd6d191d30e

QUOTE: Singaporean-owned

I wouldn't support a foreign owned service provider:

Australia's wealth is being drained overseas.

TPG is also increasingly foreign owned:
wiki/TPG_Telecom#Merger_announcement

Haa police caught a hacker who grabbed information for 10,000 optus customers off the dark web. He sent messages demanding $2000 be paid into his commonwealth bank account, otherwise he will use their info for criminal activity. How dumb can he be lol.

What is it about a 19 year old criminal who freely gives his bank account details on the net to those he wishes to steal from?

I bet they called him Brain Cell at school (if indeed he did go to school)

I'd put whoever at Optus let this happen in the same class as 'Brain Cell'.

Heads need to roll over this debacle, starting at the top.