Human error may have been behind a massive data breach affecting telco giant Optus, new reports suggest.
Days after sensitive customer information was leaked, including passport and driver’s licence numbers, an anonymous source within the company has pointed the finger at IT programmers.
The “senior insider” told the ABC an error made by a programmer may have opened the door for hackers.
“(It’s) still under investigation; however, this breach like most appears to come down to human error,” the source told the ABC.
The source claimed programmers were attempting to open up Optus’ customer identity database to other systems via what’s known as an application programming interface.
While it was believed the process would only grant access to authorised company systems, outsiders may have been granted access via a test network.
“Eventually one of the networks it was exposed to was a test network which happened to have internet access,” the source reportedly said.
Australian Federal Police have launched a probe after receiving a referral from Optus about the alleged “mass data breach”.
“The AFP will work with Optus to obtain the crucial information and evidence needed to conduct this complex, criminal investigation,” a statement on Friday read.
“The AFP’s specialist cyber command will work closely with a number of agencies, including the Australian Signals Directorate.”
Optus chief executive Kelly Bayer-Rosmarin apologised for the cyber intrusion in a conference call with reporters on Friday, saying “it should not have happened”.
“I’m disappointed that we couldn’t prevent it,” she said.
“It undermines all the great work we’ve been doing to be a pioneer in this industry, be a challenger, and create new and wonderful experiences for our customers. I’m really sorry.”
Optus emailed customers on Friday and explained why they may have learned of the breach via the news before hearing from the company.
“You would have seen we announced this first in the media,” the telco wrote.
“We did this as it was the quickest and most effective way to alert you and all our customers, while also communicating the severity of the situation through trusted media sources.”
The cyber breach could have wide-reaching consequences for both private and small business customers, Ms Bayer-Rosmarin acknowledged.
In an “absolute worst-case scenario”, 9.8 million customers were affected, although Ms Bayer-Rosmarin cautioned that authorities were still investigating the breach and the full impact was not yet known.
Unconfirmed screengrabs from a dark web hacker forum show cyber criminals claiming to have access to one million Optus phone numbers.
Ms Bayer-Rosmarin urged customers to be on the watch for suspicious contacts in the near future, fearing bad actors who access the stolen data could use it to place scam calls.
“What customers can do is just be vigilant,” she said.
“It really is about increased vigilance, and being alert to any activity that seems suspicious or odd or out of the ordinary.
“If somebody calls you and says they want to connect to your computer and says to give them your password or let them in, don’t allow that to occur.”
Customers who have been affected will be contacted by Optus in the coming days.
Stay connected with us on social media platform for instant update click here to join our Twitter, & Facebook
We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.
For all the latest Business News Click Here
