Here are key takeaways from Dialog's statement regarding the incident:
- Dialog experienced a cybersecurity incident on September 20, 2022 in which a third party illegally accessed its servers. The company shut down the servers as a preventative measure and restored them within two business days.
- On October 7, Dialog found out that a small sample of its data, including some employee personal information, was published on the dark web.
- Dialog has notified relevant authorities about the incident.
- The incident may affect up to 20 clients and 1,000 current Dialog employees and former employees, and Dialog is supporting those who may be impacted to protect them against fraudulent activity.
Dialog is "actively engaging with potentially impacted stakeholders to share information, support and advice" to address the incident, the company said.
Optus Discloses Cyberattack
Dialog's cybersecurity incident comes after Optus notified its customers about a cyberattack in September 2022. One report indicated up to nine million Optus customers may have been affected by the attack.
Optus noted the following customer information may have been compromised during the attack:
- Dates of birth
- Phone numbers
- Email addresses
- ID document numbers such as driver's license and passport numbers
Optus Stops Attack
Optus has "shut down the attack," the company indicated. It has notified the Australian Federal Police, the Office of the Australian Information Commissioner and other Australian regulators about the attack. It also is working with the Australian Cyber Security Centre to mitigate any risks to customers and hired Deloitte to conduct an independent external review of the attack.
To date, there is no evidence of any link between the Dialog and Optus cyberattacks. Investigations may be completed to provide additional insights into the cyberattacks and why they occurred.