You might have heard about a breach in late September 2022 that hit the Australia-based telecom company Optus. With 9.7M subscribers, it is the second-biggest telecoms company in Australia. So far, we don’t know how many of those customers were affected. We do know that the breach is reportedly over.
The downside? Information exposed includes names, birthdays, phone numbers, email and home addresses, driver’s licenses, and even passport numbers. The consequences of this data breach for customers could be severe, and the breach throws into question the security of our data when we entrust so much personally identifiable information (PII) to telecom companies.
How the Hackers Got In
Big organizations are natural targets for hackers because they have so much private information about you stored on their servers. By comparison, the jackpot for breaching Optus outweighs whatever a single targeted individual might have stored on a personal computer.
As soon as they noticed, Optus launched an investigation and notified authorities, as well as financial institutions, about the breach. This is proper protocol anytime private information in your care is wrongfully disclosed. While voice calls, passwords and financial information are said to be untouched in this case, the fact of the data breach still raises questions about the security of your personally identifiable information and just how much data is stored in your telecom service’s database. In fact, the telecommunications industry has seen more cyber-threats stacked against it in recent years than ever before, given the rise in digitization all over the world.
The Threat Against Critical Infrastructure
You may have heard about various cybersecurity laws being passed in multiple countries in the past few years. Many of them, like the U.S. Cyber Incident Reporting for Critical Infrastructure Act of 2022, are aimed directly at protecting the systems necessary to our day-to-day lives. Everything from communication to transportation is part of the “critical infrastructure” that has been experiencing more online attacks and is thus subject to the laws made to protect these industries.
Cyber-attacks against critical infrastructure pose a risk to national security as well as being a frustrating disruption to our lives. While more bad actors mount attacks against telecom companies, these businesses are simultaneously expanding their online services to better cater to the modern customer’s expectations. Given the capabilities of today’s technology, as consumers we expect ultimate efficiency in every online interaction. In meeting that expectation, more companies are finding themselves facing attacks aimed at the Internet of Things; more dangerous insider threats, especially as remote work flourishes; third-party threats; denial-of-service attacks; and so much more.
Cloud Risks and Safety
To safely store and retrieve your account information as needed, telecom companies store customer data in a remote and encrypted cloud server. This means that theoretically only those with your password and log-in can access those files. For cloud services just getting on their feet, this introduces room for zero-day attacks and new vulnerabilities. Organizations of ALL sizes need to be aware of what cyber-threats they’re opening themselves up to when investing in the latest and greatest technology, especially those, like Optus, that hold valuable information on millions of people.
How can we defend against these risks? Enable multi-factor authentication so that your identity is verified through a second channel, like an SMS message or a one-time password, before anyone can access your account information. Additionally, you should always choose vendors who invest as much in cybersecurity as they do in shiny new devices.
Optus was one of the latest telecom companies to experience a data breach, but it isn’t the first and won’t be the last to have its database hacked. Any service provider that you give so much personal information to is an additional avenue for hackers to find it. While you can’t avoid a phone plan in 2022, you can take steps to safeguard your accounts and choose service providers that invest in mitigating threats before they explode into data breaches.
In the meantime, you can do little things every day to improve the security of all your favorite screens. Add extra security measures to your accounts or use single sign-on so compromised credentials don’t necessarily equal data theft. Use different emails and passwords for all your profiles so if one is found on the Dark Web, the rest are still protected. Finally, follow our blog for the latest news and tips in cybersecurity!