(Bloomberg) -- Australian authorities are investigating reports alleging that customers’ personal data are being sold online after the Australian unit of Singapore Telecommunications Ltd. was hit by a major cyberattack earlier this week.

Federal police on Saturday confirmed its personnel were “using specialist capability” to monitor the dark web and a number of other forums as concerns mount about the scale of the data breach and the millions of Optus customers that may have been affected. 

Personal information including names, birth dates, phone numbers and email addresses are among data that may have been exposed, SingTel said in a statement to the Singapore Exchange Thursday. The attack may have exposed the addresses and identification-document details of a smaller number of customers, it said.

Already, there are fears about theft of data, after an alleged threat was made by hackers to sell millions of customers’ data unless Optus paid $1 million in ransom. The post has not been officially verified.

READ: Optus Probes Cyberattack That May Have Exposed Customer Data

Optus said on Saturday that it’s in the process of contacting individuals that have had their personal details directly impacted and is working with relevant authorities. A spokesperson for the company said “the attack is likely to trigger a number of claims and scams from criminals seeking to benefit financially.”

No passwords or financial details have been compromised, Optus said.

A spokesperson for the Australian Federal Police said authorities would not hesitate to take action if individuals are found to have broken the law, with penalties of as long as ten years for buying stolen credentials.

©2022 Bloomberg L.P.