The company adds that it immediately shut down the attack but is working with the Australian Cyber Security Centre to mitigate any risk to customers.
"We are devastated to discover that we have been subject to a cyberattack that has resulted in the disclosure of our customers’ personal information to someone who shouldn’t see it," said Kelly Bayer Rosmarin, Optus CEO.
"As soon as we knew, we took action to block the attack and began an immediate investigation. While not everyone may be affected and our investigation is not yet complete, we want all of our customers to be aware of what has happened as soon as possible so that they can increase their vigilance.
Information that may have been exposed includes customers’ names, dates of birth, phone numbers, email addresses and for some customers, addresses, ID document numbers such as driver’s licence or passport numbers.
Payment details and account passwords were not compromised.
“We are very sorry and understand customers will be concerned. Please be assured that we are working hard, and engaging with all the relevant authorities and organisations, to help safeguard our customers as much as possible,” Rosmarin added.
It has been reported that the intrusion is believed to have occurred through an exploitation of an application programming interface, although this has not been confirmed by Rosmarin.
The CEO said that the cyberattack was the “subject of criminal proceedings” and would work with Australian federal police to resolve the matter.