Optus under further fire for cyber breach, purported hacker claims data deleted
Reuters
Published Sep 26, 2022 09:38PM ET
Updated Sep 27, 2022 04:38PM ET
By Renju Jose and Byron Kaye
SYDNEY (Reuters) -Australian telecoms giant Optus came under more fire from the government on Tuesday for a massive cyber breach, while an anonymous online account believed to be that of the hackers said it was deleting stolen data and withdrawing a $1 million ransom demand.
Singapore Telecoms-owned Optus, the country's No. 2 mobile operator, said last week that data of up to 10 million customers including home addresses, drivers' licenses and passport numbers had been compromised in one of Australia's biggest data breaches.
An account called 'optusdata' in an online forum, believed by cybersecurity experts to be that of the hackers, had threatened to publish the data of 10,000 Optus customers per day unless they received $1 million in cryptocurrency.
On Tuesday, however, the account holders posted they had deleted the data due to "too many eyes", were withdrawing their ransom demand and were sorry for having already leaked data of 10,200 Australians.
Optus and the Australian Federal Police, which have been working with the Federal Bureau of Investigation and other offshore law enforcement agencies to probe the cyberattack, declined to comment on whether they believed the 'optusdata' account holders were behind the breach.
The Australian federal government has blamed Optus for the breach, flagged an overhaul of privacy rules and higher fines, and suggested the company had "effectively left the window open" for hackers to steal data.
Minister For Cyber Security Clare O'Neil said she was "incredibly concerned ... about reports that personal information from the Optus data breach, including Medicare numbers, are now being offered for free and for ransom", referring to the government's health insurance scheme.
Optus Chief Executive Kelly Bayer (OTC:BAYRY) Rosmarin said the incident had generated "a lot of misinformation" and the company took data protection seriously.
"Given we're not allowed to say much because the police have asked us not to, what I can say ... is that our data was encrypted and we had multiple players of protection," Bayer Rosmarin told ABC Radio.
She added that most customers understand that "we are not the villains" and that the company had not done anything deliberate to put data at risk.
Get The News You Want
Jeremy Kirk, a cybersecurity researcher and writer who said he had been in contact with the purported hacker, tweeted that it was unclear why they changed their mind but "this doesn't change the risk for anyone exposed".
"The Optus data has been stolen, and we can't trust this person. No guard should be let down," he wrote.
Written By: Reuters
Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.