(Bloomberg) -- Singapore Telecommunications Ltd. is engaging lawyers after a major data breach at its Australian unit Optus, even though the company has yet to receive any legal notice of a class action lawsuit. 

Optus, Australia’s second-largest mobile-phone operator, which is owned by SingTel, said last month hackers had exposed records of 9.8 million current and former customers. Millions of them lost details of passports, driver’s licenses or medical identity cards, the Australian government said.

Reports of potential fines and costs are “speculative at this juncture” and should not be relied upon, SingTel said in a statement to the Singapore stock exchange. Any potential class action will be “vigorously defended,” it added. 

Optus has also hired Deloitte to conduct an independent assessment of its security systems as well as the recent breach, it said in a separate statement. The agency will work with Optus, SingTel and international cyber experts, according to the statement.

The breach, which affected over one third of the Australian population, risks wiping out more than one quarter of SingTel’s annual profit. Prime Minister Anthony Albanese said Optus should pay for replacement passports, and Australia’s biggest states said Optus would pick up the tab for new driving permits.

“While our overwhelming focus remains on protecting our customers and minimizing the harm that might come from the theft of their information, we are determined to find out what went wrong,” said Kelly Bayer Rosmarin, Optus’s chief executive officer. “This review will help ensure we understand how it occurred and how we can prevent it from occurring again.”

Cyberattacks have become more common worldwide, exposing at least 11.43 billion customer records at several hundred entities in the space of more than a decade. Australian police are working with the US Federal Bureau of Investigation on the Optus hack.

©2022 Bloomberg L.P.