NewsBite

Updated

‘Very sorry’: Bizarre twist in Optus hack of 10 million Australians

In a bizarre turn of events, the hackers behind the major data breach have released a statement revealing what will happen next.

Government criticises Optus over data breach

The federal government is consulting with the FBI on the wide-ranging Optus data breach.

Attorney-General Mark Dreyfus said Australian law enforcement and industry were taking the issue, which has impacted almost 10 million Australians’ private data, seriously.

The hackers responsible have apologised and claim to have deleted their sole copy of mined data hours after they released the information of 10,000 Australians impacted in the telco breach.

The hackers claiming to be responsible for obtaining nearly 10 million current and former Optus customers’ details had on Tuesday morning threatened to keep releasing tranches of data unless Optus gave in to a $US1m ($A1.5m) ransom demand.

But just hour later, the hackers changed their tune, taking to a forum on the dark web to post:

“Too many eyes. We will not sale (sic] data to anyone. We can’t if we even want to: personally deleted data from drive (only copy),” they wrote.

“Sorry too (sic) 10.2000 Australian whos (sic) data was leaked … Very sorry

“Deepest apology to Optus for this. Hope all goes well from this.

“Ransom not payed (sic) but we dont care any more. Was mistake to scrape publish data in first place.”

The federal government is urging all Australians to not click on any suspicious links.

The AFP is working with the FBI to track down the Optus hackers.
The AFP is working with the FBI to track down the Optus hackers.

Mr Dreyfus said all Optus customers should be “vigilant”, as he assured impacted customers the full weight of government agencies was being thrown at the issue.

“Do not click on any links in a text message. Check all website sources – just check it is an official website before taking nay future action,” he said.

“The government as well as the AFP and other government agencies are working closely together on the Optus data breach.

“The AFP is taking this very seriously, with a large number of officers involved – working with other federal government agencies and state and territory police and with the FBI and with industry.”

Home Affairs Minister Clare O’Neil said she was “incredibly concerned” that personal information from the Optus breach had been offered “for free”.

She said she was particularly worried about reports Medicare numbers had been released.

“I want to reassure Australians that the full weight of cyber security capabilities across government, including the Australian Signals Directorate, the Australian Cyber Security Centre and the Australian Federal Police (AFP) are working around the clock to respond to this breach,” she said in a statement.

A multiagency investigation has been working overtime to find the hackers.

Optus chief Kelly Bayer Rosmarin said the company was also working hard to track them down.

“We definitely know that this is the work of some bad actors, and really they are the villains in this sorry,” Ms Bayer Rosmarin told ABC Radio.

“Optus is doing absolutely everything possible to be transparent, to be on the front foot.

“I think most customers understand that we are not the villains, and we have not done anything deliberate to put any of our customers at risk.”

The hackers had reportedly demanded $US1m within the week or else a tranche of 10,000 records will be released every day over the coming four days.

Optus chief executive Kelly Bayer-Rosmarin says the telco is not the villain. Picture: NCA NewsWire / Damian Shaw
Optus chief executive Kelly Bayer-Rosmarin says the telco is not the villain. Picture: NCA NewsWire / Damian Shaw

In a post on the dark web, the person claiming to be the hackers on Tuesday morning wrote: “If $1M US pay (sic) then data will be deleted from drive. Only 1 copy exist. Will not sale (sic) data too. Completely gone! 4 more day to decide Optus!

“Since they not payed (sic) yet here is 10,000 record from address file. Will release 10,000 record every day for 4 day when they not pay,” they wrote.

It appears Medicare numbers may now be exposed for some people as well, with others having their passport and driver's licence information exposed.

Ms Bayer Rosmarin said the AFP was “all over” the ransom demand.

A total of 9.8 million current and former customers have been impacted by the breach, which the government says is a major corporate failure.

The hackers behind the Optus data leak have begun to release private data. Picture: NCA NewsWire / Martin Ollman
The hackers behind the Optus data leak have begun to release private data. Picture: NCA NewsWire / Martin Ollman

Ms O’Neil told parliament on Monday that Australia needed to overhaul its privacy rules, including increasing the penalty for such an attack.

She said responsibility laid solely with Optus.

“The breach is of a nature that we should not expect to see in a large telecommunications provider in this country,” she said.

“In other jurisdictions, a data breach of this size will result in fines amounting to hundreds of millions of dollars.”

Ms Bayer Rosmarin said she didn’t think increasing penalties would “benefit anybody”.

“The most important thing is that we’re putting people on high alert and asking them not to fall for scams,” she said.

“Unfortunately, a lot of the data – the majority of the data that’s been accessed – is most likely out there already.”

Former foreign minister Julie Bishop said the incident was “deeply troubling” and “alarming”.

“The question of the level of encryption and security applied to this data is obviously being raised and that is something for Optus to answer,” she told the Nine Network.

“The government is quite rightly saying it will review the frameworks around the holding of such data.

“We know who’s behind it – it is obviously criminals, criminal organisations, and the use of this data could be quite widespread.”

Home Affairs Minister Clare O’Neil has called for a drastic overhaul. Picture: NCA NewsWire / Martin Ollman
Home Affairs Minister Clare O’Neil has called for a drastic overhaul. Picture: NCA NewsWire / Martin Ollman

Australian Information Commissioner Angelene Falk said all parties involved needed to take additional steps to “secure the personal information that they hold in this heightened security risk environment”.

“I think the level of fine does need to be looked at very carefully. It needs to be more than the cost of doing business,” she told ABC Radio.

“It needs to be a real deterrent. It needs to recognise the significant responsibility that organisations have to protect Australians’ personal information.

“We need to be able to expect that organisations will keep that data safe and when they don’t that they will face significant penalties for failing to do so.”

Government Services Minister Bill Shorten on Tuesday morning said Optus “hadn’t done enough” to protect its customers.

“It’s time for a big overhaul of how data is kept by our large corporations,” he told the Nine Network.

“We are doing everything possible to try and apprehend the hackers, but there’s no doubt that the defences of the company were inadequate, and they’ve got to reach out and support their customers.”

Originally published as ‘Very sorry’: Bizarre twist in Optus hack of 10 million Australians

Original URL: https://www.heraldsun.com.au/technology/online/optus-hackers-release-data-threaten-to-release-more/news-story/f12e6bc9b9ae21743cd77078280c7699