Customers claim Medicare details breached in Optus data hack
It now appears Medicare details have been exposed as part of the Optus cyber attack, with millions of Aussies reeling from the security breach.
National
Don't miss out on the headlines from National. Followed categories will be added to My News.
A number of Australians have had their Medicare details exposed as part of the Optus cyber attack, a revelation that has come as a shock to many.
When confirming the attack last week, Optus said the data exposed includes customers’ names, dates of birth, phone numbers, email addresses, and, for a subset of customers, addresses, and ID document numbers such as driver’s licence or passport numbers.
Now, customers have claimed their Medicare details are also at risk.
One frustrated Optus customer, who wished to remain anonymous, told news.com.au that she contacted the telco on Tuesday morning after not receiving any information about whether her details had been compromised.
After reaching out, she said an Optus representative confirmed her driver’s licence and Medicare card details had been impacted by the breach.
Stream your news live & on demand with Flash for $8/month and no lock in contracts. New to Flash? Try 1 month free. Offer ends 31 October, 2022 >
“I still have not received any email/message etc from Optus advising me so I would assume a lot of customers are in the same boat and need to be proactive in contacting Optus themselves,” she said.
“I can see that your account has been flagged as being impacted by the cyberattack,” the Optus representative said.
The Optus worker ensured the woman that her account passwords were “completely safe” before listing the compromised ID documents as driver’s licence and Medicare card.
Another customer told news.com.au they only found out their Medicare details had been leaked after reaching out to Optus via the telco’s live chat feature on its website.
Other people have taken to social media to claim their Medicare details have also been caught up in the data leak.
About bloody time #optus came to the party and gave their #OptusHack victims credit monitoring. I wonder how long it will be until they set that up 🙄🙄🙄 it took them 5 days to tell me my driver’s license & Medicare numbers had been exposed. #OptusClassAction#optusfail
— Ariadne Quinn 💉x5 (@ariadne_quinn) September 26, 2022
I had a really helpful chat with Optus support because I wanted to get more precise information than “drivers license or passportâ€. They told me that they didn’t have my passport details but did have my license *and Medicare* details.
— Conrad HC (@conradhc) September 25, 2022
Minister for Home Affairs, Clare O’Neil, said she was “incredibly concerned” following reports that personal information from the breach, including Medicare numbers were being “offered for free and for ransom”.
“Medicare numbers were never advised to form part of compromised information from the breach,” she said in a statement.
“Consumers have a right to know exactly what individual personal information has been compromised in Optus’ communications to them. Reports today make this a priority.”
When news.com.au asked Optus to respond to claims of Medicare details being leaked in the hack, a spokesperson claimed they could not provide further details due to the AFP investigation.
“We are working with the AFP on their investigation of this attack. On their request, we’ve been asked not to discuss further details as it might compromise their ability to find the bad actor,” the spokesperson said.
Medicare reports ‘significant’ as pressure mounts
Jeremy Kirk, cyber security researcher and writer from ISMG Corp, announced on Tuesday morning that the alleged hacker behind the attack had released 10,000 customer records.
The person threatened to release another 10,000 batch each day for four days until Optus gave into their $US1 million ($A1.5 million) ransom demand.
Mr Kirk also pointed out that the new data appeared to show that Medicare numbers may also have been exposed for some customers.
He said the word “Medicare” appeared 55 times across the new data set.
Mr Kirk told news.com.au that after he noticed this information he went back through the first sample batch of 100 records released by the alleged hacker.
“I didn’t search for Medicare the first time around, but I found one record with the Medicare numbers. There was one Medicare number in the first sample data,” he said.
“It’s very significant because here’s another critical piece of identification that looks like it’s been compromised.”
In a surprise move, just hours after releasing the data of 10,000 Australians, the alleged hacker claimed they would not be selling or leaking anymore data.
The person, known only as Optusdata, claimed there were “too many eyes” on them and said they would no longer be pursuing the $US1 million cryptocurrency ransom.
In the latest message, the person apologised to the Australians impacted by the data leak and said they couldn’t release more data even if they wanted to because they had “personally deleted data from drive”, which they claimed was the only copy.
The alleged hacker also offered their “deepest apology” to Optus, saying they “hope all goes well from this”.
The person claimed it was a “mistake” to publish the data in the first place.
The other ransom demands have now been deleted from the online forum where the alleged hacker has been posting.
Hacker’s possible motivations examined
When the first ransom post appeared, Mr Kirk messaged the alleged hacker and the person confirmed to him they had accessed the Optus data through an unsecured API, which is a software intermediary that allows two applications to talk to each other.
Writing about cyber crime, Mr Kirk is used to reaching out to mysterious online characters and said they are often eager to talk about their exploits.
But why would a hacker openly talk to a journalist about what they have done?
Well, Mr Kirk said there are likely a number of reasons.
“Sometimes it’s to prove that they did what they’re claiming they did. Sometimes they’d like the notoriety, for someone to write about them or post something about them,” he explained.
“So they have to have strong motivation to want to get publicity.”
The AFP confirmed on Monday that they were working with overseas law enforcement to investigate the Optus data breach.
“The AFP is aware of reports of the sale of stolen data and investigations are continuing,” the AFP said in a statement.
“To protect the integrity of the criminal investigation, the AFP will not divulge what information it has obtained in the first few days of Operation Hurricane.”
Assistant Commissioner Cyber Command Justine Gough said the investigation was going to be extremely complex and very lengthy.
“We are aware of reports of stolen data being sold on the dark web and that is why the AFP is monitoring the dark web using a range of specialist capabilities. Criminals, who use pseudonyms and anonymising technology, can’t see us but I can tell you that we can see them,” she said.
“A key focus, which we have had success in the past, is to identify those criminals.
“It is an offence to sell or buy stolen identification credentials, with penalties of up to 10 years’ imprisonment.”
Originally published as Customers claim Medicare details breached in Optus data hack
Coalition, US divides on Middle East ceasefire
A senior Coalition figure says it ‘wouldn’t be remarkable’ for it to disagree with the US’ calls for a ceasefire in the Middle East, with Labor jumping on the comments.
What Jessica Mauboy and Adam Gilchrist have in common
Big names from the world of entertainment, sport, politics and business have pledged support for a new national initiative designed to save Australian lives.