Sensitive information about almost 10 million Australian telecoms subscribers may have been compromised by a massive hack of the country's second-largest provider, the firm revealed Friday.

Optus chief executive Kelly Bayer Rosmarin said a "sophisticated" actor was behind a cyberattack, which gained access to information about up to 9.8 million users.

The data accessed included customers' names, dates of birth, phone numbers and email addresses, as well as some driver's licence and passport numbers.

No passwords or bank details were taken, according to the Singapore-owned firm.

It is not yet clear whether the attack came from a state-based or criminal organisation, but Bayer Rosmarin said no ransom demand had been made.

"It's too early to rule out any possibility," she said, adding that police and the Australian government were investigating.

"We don't yet know who these attackers are and what they want to do with this information."

The Australian Competition and Consumer Commission warned Australians who were potentially impacted -- a number that matches almost half the country's population -- that they could be at risk of identity theft.

"Optus customers should take immediate steps to secure all of their accounts, particularly their bank and financial accounts. You should also monitor for unusual activity on your accounts and watch out for contact by scammers," the watchdog said.