Australia’s cybersecurity minister slams Optus, while alleged hacker apologizes, changes his mind and drops ransom demand
Optus, the second largest mobile operator in Australia, continues to feel the impact after suffering the largest cybersecurity breach in this country.
Last week, the telecom company, which is owned by Singapore Telecom Limited, confirmed that a cyber attack had compromised the data of millions of its customers.
Up to 9.8 million accounts may have been compromised, equivalent to 40 per cent of Australia’s population. The stolen data includes customer names, dates of birth, phone numbers, email addresses and, for a subset of customers, addresses and identification document numbers such as driver’s license or passport numbers.
It seems that the Australian government is not at all happy with Optus and its security system.
Clare O’Neil, Minister of Home Affairs and Cyber Security, appeared on ABC’s 7.30 on Monday and said the government had received “quite detailed” information about data stolen from Optus in the hack.
She said the breach exposed key personal information of 9.8 million Australians.
The country has a population of 25.7 million.
But worse still, extensive (and sensitive) personal data, such as license numbers and passport numbers of 2.8 million people, has also been leaked into the public domain.
The minister said the data obtained was “effectively up to 100 identity verification points”, making “the scale of identity theft and fraud particularly significant for those of the 2.8 million Australians”.
ICYMI: The Minister of Cyber Security talks about the Optus data breach and says Australia is “probably a decade behind” in protecting privacy. #abc730 pic.twitter.com/boqoKceL0j
– abc730 (@abc730) September 26, 2022
When asked why a telecom company held so much of the public’s sensitive information, the cybersecurity minister disputed Optus’ claims that it had been the victim of a “sophisticated” hack. She said the attack was not entirely sophisticated and was in fact a “completely basic hack”, and that Optus “left the window open.”
The minister emphasized that she did not buy the line from Optus that it was a complex attack, and frankly said it was not.
She also said Optus’ offer to monitor victims’ credit for a year was “not an appropriate response,” and warned the operator that this was “not the end of the story.”
Clare O’Neil also noted that Australia in general may be about a decade behind in adequate privacy protection “and five years behind in cyber protection”.
Meanwhile, The Guardian newspaper reported that the alleged Optus hacker has changed his mind, apologized for the data breach and dropped the ransom threat.
This comes after an online account posted records of 10,000 Optus customers and sought a ransom, threatening to release more, before changing its mind, withdrawing the threat and deleting all requests.
On Monday night, the hacker allegedly uploaded a text file of 10,000 records to a data breach website and promised to leak an additional 10,000 records every day for the next four days unless Optus paid $1 million in cryptocurrency.
The Guardian noted that the leaked text contained names, dates of birth, email addresses, driver’s license numbers, passport numbers, Medicare numbers, phone numbers and address information. It also included more than a dozen federal and state government email addresses, including four from the Department of Defence and one from the Department of the Prime Minister and Cabinet.
But by late Tuesday morning, the alleged attacker appeared to have changed his mind, deleting his posts and claiming that he also deleted the only copy of Optus’ data.
“Lots of eyes. We won’t sell [sic] data for anyone. We can’t even if we want to: personally delete data from the drive (copy only)”, says a new post.
“Sorry too [sic] 10200 Australians [sic] Data has been leaked.
Australia will not see any fraud gains, and this can be monitored. Maybe for 10,200 Australians but the rest of the population doesn’t. I’m so sorry for you.”
The alleged attacker apologized to Optus and said they would have reported the exploit if Optus had allowed the reporting.
Optus reportedly said no ransom was paid.