
‘Very sorry’: Account claiming to be hacker says it has dropped Optus ransom

The group behind the Optus data breach has reportedly dropped its ransom demand and claims to have deleted the 11 million customers’ records it scraped from the telco’s website.
It comes after an alleged attempt to force Optus to pay US$1 million ($1.54 million) by Friday after the group released a batch of 10,000 Australian customers’ sensitive details on a data breach forum on the clear web.
The illegally obtained information includes passport and driver’s licence numbers, dates of birth and home addresses, according to cyber security researcher and writer Jeremy Kirk from ISMG Corp.
“Too many eyes. We will not sale (sic) data to anyone. We can’t if we even want to: personally deleted data from drive (Only copy),” an account claiming to be a hacker posted on the forum on Tuesday.
It said it would have alerted Optus to its vulnerability if the telco had a secure method of contact or a bug bounty.
It said it was “very sorry”.
“Australia will see no gain in fraud, this can be monitored,” the post read.

The batch released on Tuesday was still online as of 1.30pm Sydney time.

Attorney-General Mark Dreyfus told a Labor caucus meeting on Tuesday that the option to allow Australians to change their driver licence numbers was being considered with the privacy commissioner.
That option is not available in Victoria and the ACT.
Mr Dreyfus said the commissioner wasn’t notified by Optus of the breach involving almost 10 million customers until late Friday, the day after it was first reported.
“Optus has a responsibility for the privacy of both current and former customers,” he said.

An ongoing privacy review will be completed this year.

In a statement on Tuesday morning, Home Affairs Minister Clare O’Neil said she was incredibly concerned at the reports of personal information, including Medicare numbers, being shared either for free or for ransom.
“Medicare numbers were never advised to form part of compromised information from the breach,” she said.
“Consumers have a right to know exactly what individual personal information has been compromised in Optus’ communications to them. Reports today make this a priority.”

Ms O’Neil said the full weight of cyber security capabilities across the government is working to respond to the breach.

How could the cyber attack have been prevented?

Government Services Minister Bill Shorten said Optus needs to do better.
“Based on what I’ve been told, Optus hasn’t done enough … to protect their customers and their follow-up needs to be much more diligent,” he told the Nine Network’s Today.
“I think it’s time for … a big overhaul of how our data is kept by big corporations.

“We’re doing everything we can to apprehend the hackers but there is no doubt the defences of the company were, as I’ve been informed, inadequate.”

Mr Shorten said the hack raised questions about how much of people’s data big companies should keep and for how long.

Ms O’Neil told the ABC on Monday that the attack was not “sophisticated”.

Australian Federal Police to investigate the breach

A federal police investigation has been launched into the data breach, which has affected 9.8 million Australians.
Operation Hurricane has been established by the AFP to identify the people behind the breach, as well as prevent identity fraud of those affected.
Assistant Commissioner of Cyber Command Justine Gough said the investigation into the source of the data breach would be complex.

The task force will work with the Australian Signals Directorate, overseas police, as well as Optus.

Opposition cyber security spokesman James Paterson told Sky News the government bore some responsibility and criticised its response to the hack as “slow”.

Slater and Gordon Lawyers are investigating whether to launch a class action lawsuit against Optus on behalf of former and current customers.
Class actions senior associate Ben Zocco said the leaked information poses a risk to vulnerable people, including domestic violence survivors and victims of stalking.
On Monday, Optus announced it will be providing the most affected current and former customers with a free 12-month credit monitoring subscription to Equifax Protect.
Payment details and account passwords have not been compromised.