Optus customers' private information could be compromised after a cyber attack hit the phone and internet provider.
Millions of customers' names, dates of birth, phone numbers, email addresses, driver's licence numbers, passport numbers or addresses could have been accessed in the attack, Optus has confirmed.
Payment details and account passwords have not been compromised.
Optus says it is working with the Australian Cyber Security Centre to limit any risk to current and former customers.
The Australian Federal Police, the Office of the Australian Information Regulator and other key regulators have also been notified.
"As soon as we knew, we took action to block the attack and began an immediate investigation," Optus chief executive Kelly Bayer Rosmarin said in a statement on Thursday.
"While not everyone may be affected and our investigation is not yet complete, we want all of our customers to be aware of what has happened as soon as possible so that they can increase their vigilance.
"We are very sorry and understand customers will be concerned. Please be assured that we are working hard ... to help safeguard our customers as much as possible."
Scamwatch has advised Optus customers to secure their personal information by changing online account passwords and enabling multi-factor authentication for banking.
Affected customers should also place limits on bank accounts, monitor for any unusual activity, and request a ban on credit reports if any fraud is suspected.
"It is important to be aware that you may be at risk of identity theft and take urgent action to prevent harm," Scamwatch said in a statement on Thursday.
"Scammers may use your personal information to contact you by phone, text or email.
"Never click on links or provide personal or financial information to someone who contacts you out of the blue."
Liberal Senator James Paterson, who sits on the federal parliament's intelligence committee, said this was one of the most serious cyber attacks ever suffered by an Australian business.
"It is important to understand how this happened, who the attacker is, what mitigations can be made (and) what changes are necessary to prevent it from re-occurring," he said in a tweet on Thursday.