Optus data breach: Australian police investigate alleged hacker’s $1 million ransom demand


Australian police were investigating an alleged hacker’s release of the stolen personal data of 10,000 Optus customers and a ransom demand of $1 million (about Rs 8 crore) in cryptocurrency, the telecom company’s chief executive said on Tuesday.

The Australian government has blamed lax cybersecurity at the country’s second-largest wireless carrier for an unprecedented breach last week of the personal data of 9.8 million current and former Optus customers.

Sydney-based cybersecurity writer Jeremy Kirk said the alleged hacker, who uses the online name OptusData, had released 10,000 Optus customer records on the dark web and threatened to release another 10,000 every day for the next four days until Optus paid the ransom.

Asked whether the hackers threatened to sell the remaining data if Optus did not pay the $1 million within a week, the company’s chief executive Kelly Bayer Rosmarin told Australian Broadcasting Corp: “We have seen that there is a post like this on the dark web. …”

The Australian Federal Police said on Monday that their investigators were working with foreign agencies, including the FBI, to find out who was behind the attacks and to help protect the public from identity fraud. Police declined to comment further on Tuesday as the investigation was ongoing.

“They are looking at every possibility and they are using the time available to see if they can track down that particular criminal and verify if they are true,” Bayer Rosmarin said.

Kirk wrote on his website BankInfo Security that OptusData later deleted the post with three samples of the stolen data.

OptusData sent Kirk a link to the new post that withdrew the ransom demand, claimed the stolen data had been removed and apologized to Optus as well as its customers.

“Too many eyes. We will not sell the data to anyone,” the post said, adding that Optus did not pay the ransom.

Kirk said he asked why OptusData changed its mind, but received no response.

The national data protection authority, Australian Information and Privacy Commissioner Angelene Falk, said the latest post “indicates … this is a very fast-moving phenomenon.”

“This is a major incident of significant concern to the community. What we need to focus on here is to ensure that all steps are taken to protect the community’s personal information from further risk of loss,” Falk said.

Earlier on Tuesday, Kirk said the personal data released included health care numbers, a form of identification that had not previously been publicly hacked.

Cyber Security Minister Claire O’Neill urged Optus to make it a priority to inform customers what information was taken.

“I am incredibly concerned this morning about reports that personal information from the Optus data breach, including Medicare numbers, is now being offered free and for ransom,” O’Neill said. “Medicare numbers were not advised to be part of the information compromised by the breach,” she said.

O’Neill on Monday described the hack as an “unprecedented theft of consumer information in Australian history”.

Of the 9.8 million people affected, 2.8 million had “significant amounts of personal data,” including driver’s licenses and passport numbers, breached and were at significant risk of identity theft and fraud, she said.

Kirk said he used an online forum for criminals who trade stolen data and asked OptusData how Optus’ information was accessed.

It appears that Optus had left an application programming interface (API), software that allows other systems to communicate and exchange data, open to the public, Kirk said.

“It looks like it was a failure to secure the software system, so anyone on the Internet could find it,” Kirk said.

The Australian Financial Review said the theory that Optus “left an API open” was widely reported.

Bayer Rosmarin rejected such an explanation.

“Given that we’re not allowed to say much because the police haven’t told us, what I can say – hopefully to help people understand that it’s not being portrayed – is that our data was encrypted and we have several layers of security in place,” Bayer Rosmarin said.

“So it’s not entirely a case of some sort of exposed API sitting outside,” she said.

O’Neill did not elaborate on how the breach occurred, but described it as a “quite basic hack.”

O’Neill said Optus had “effectively left the window open for data of this nature to be stolen.”

Australia’s government is considering stricter cybersecurity rules for telecommunications companies as a result of the hack.

Current cybersecurity law does not allow fines to be imposed on Optus for the breach, although O’Neill noted that fines of hundreds of millions of dollars would have been possible if it had happened in other countries.

O’Neill said the potential AUD 2 million (about Rs 10 crore) fine under the privacy law was insufficient.

