SecurityWeek reports the Australian mobile carrier Optus has confirmed that 2.1 million clients had their personal ID numbers compromised as a result of a data breach last month, nearly 900,000 of whom had data stolen from expired IDs.
Such a disclosure comes days after the attacker leaked 10,000 Optus customer records, which contained user data such as names, birthdates, home and email addresses, and phone numbers, in addition to personal identification numbers. The attack has also compromised 14,900 valid Medicare ID numbers.
All clients whose valid IDs have been exposed in the attack have already been notified, according to Optus CEO Kelly Bayer Rosmarin, who added that another investigation on the incident is being led by Deloitte.
"As part of the review, Deloitte will undertake a forensic assessment of the cyberattack and the circumstances surrounding it," noted Optus. Meanwhile, the attack has prompted Australian officials to consider more stringent data protection laws.