"Optus takes the protection of customer data and privacy seriously," an Optus spokeswoman told ZDNet in a statement. "Optus has become aware that an employee of a third-party supplier posted a document containing customer data to a public website. This action was unauthorised by Optus and its supplier, ARC."The spokeswoman went on to state that Optus is currently conducting a full investigation of the incident, that ARC Mercantile is cooperating with Optus in undertaking due diligence, and that Optus has reported the breach to the relevant authorities. One of the parties voluntarily notified by Optus was The Office of the Australian Information Commissioner (OAIC), which has applauded the Australian telecommunications provider for its actions:
"The OAIC has since been in contact with ARC Mercantile and Optus about this incident," a statement from the OAIC reads. "We are pleased to see that Optus has notified affected individuals about this incident. Notification can be an important mitigation strategy that has the potential to benefit both the organisation and the individuals affected by a data breach. The OAIC strongly encourages notification in appropriate circumstances as part of good privacy practice."This news follows just months after Optus agreed to an independent review of its security systems after suffering three separate data breaches between 2008 and 2013.