The Australian claimed the data breach affected up to nine million customers.

Optus said in a statement that information which may have been exposed included customers’ names, dates of birth, phone numbers, email addresses, and, for a subset of customers, addresses, ID document numbers such as driver's licence or passport numbers.

It claimed payment details and account passwords had not been compromised.

Optus said it had blocked off the attack after finding out about it and notified the Australian Federal Police, the Office of the Australian Information Commissioner and what it referred to as "key regulators".

Chief executive Kelly Bayer Rosmarin said: "We are devastated to discover that we have been subject to a cyber attack that has resulted in the disclosure of our customers’ personal information to someone who shouldn’t see it.

"As soon as we knew, we took action to block the attack and began an immediate investigation.

"While not everyone may be affected and our investigation is not yet complete, we want all of our customers to be aware of what has happened as soon as possible so that they can increase their vigilance.

"We are very sorry and understand customers will be concerned. Please be assured that we are working hard, and engaging with all the relevant authorities and organisations, to help safeguard our customers as much as possible."

The company said Internet access and mobile calls had not been affected.

Bayer Rosmarin added: "Optus has also notified key financial institutions about this matter. While we are not aware of customers having suffered any harm, we encourage customers to have heightened awareness across their accounts, including looking out for unusual or fraudulent activity and any notifications which seem odd or suspicious.”