Group behind Optus breach scraps ransom demand

The group behind the massive Optus breach has scrapped its ransom demand and claims to have deleted the 11 million customers’ records it scraped from the telco’s website.

Sep 27, 2022, updated Sep 27, 2022
Home Affairs Minister Clare O'Neil said she was "incredibly concerned" about reports that Medicare numbers were now being offered for free and for ransom following the Optus hack. (Image: AAP)

The attempt to force Optus to pay US$1 million (A$1.54 million) by Friday was dropped hours after the group released a batch of 10,000 Australian customers’ sensitive details on a data breach forum on the clear web.

The illegally obtained information includes passport, Medicare and driver’s licence numbers, dates of birth, home addresses and information about whether a person is renting or living with parents.

“Too many eyes. We will not sale (sic) data to anyone. We cant if we even want to: personally deleted data from drive (Only copy),” the group said on Tuesday.

It said it would have alerted Optus to its vulnerability if the telco had a secure method of contact or a bug bounty.

The batch released on Tuesday was still online as of 1.30pm Brisbane time.

Attorney-General Mark Dreyfus told a Labor caucus meeting on Tuesday that the option to allow Australians to change their driver licence numbers was being considered with the Privacy Commissioner.

Dreyfus said the commissioner wasn’t notified by Optus of the breach, which involved almost 10 million customers, until late Friday, the day after it was first reported.

“Optus has a responsibility for the privacy of both current and former customers,” he said.
An ongoing privacy review will be completed this year.

In a statement, Home Affairs Minister Clare O’Neil said she was “incredibly concerned” about reports that Medicare numbers were now being offered for free and for ransom.

“Medicare numbers were never advised to form part of compromised information from the breach,” she said.

“Consumers have a right to know exactly what individual personal information has been compromised in Optus’ communications to them.”

Two people whose details were exposed in Tuesday’s release of Optus data, and who asked to remain anonymous, expressed frustration that it contained personal data that, unlike bank details, couldn’t easily be changed.

“No one can put a price on privacy but Optus has certainly lost mine,” a Melbourne man told AAP.

“We’ll find out how easy a mistake it was to make and to not make but c’mon, guys. Really?” said a Canberra man who signed up to Optus in 2021.

A check of 12 random email addresses against records held by Have I Been Pwned found nine had not previously been exposed in breaches.

Government Services Minister Bill Shorten said Optus hadn’t done enough to protect customers and its response “needs to be much more diligent.”

“It’s time for … a big overhaul of how our data is kept by big corporations,” he told the Nine Network’s Today.

Optus says it was the victim of a sophisticated attack – a characterisation dismissed by O’Neil.

She launched a scathing attack on Optus in parliament on Monday, saying responsibility lay squarely at the feet of the telco giant.

A federal police investigation has been launched into the data breach, which has affected 9.8 million Australians.

Opposition cyber security spokesman James Paterson told Sky News the government bore some responsibility and criticised its response to the hack as “slow”.

Optus says it will offer “the most affected” customers the chance to take up a one-year subscription to credit monitoring service Equifax Protect at no cost.

“Please note that no communications from Optus relating to this incident will include any links as we recognise there are criminals who will be using this incident to conduct phishing scams,” a statement said.

Copyright © 2024 InQueensland.