September 28, 2022
The head of Optus says the telco “are not the villains” as the FBI has become involved in investigating the massive breach of customers’ personal details.
Political leaders have warned everyone to be vigilant for scams and not click links in texts amid fears their data could be used for fraud or identity theft.
The hackers claiming to be responsible for the massive Optus breach have scrapped their ransom demand and purport to have deleted the nearly 10 million customers’ records scraped from the telco’s website.
This is yet to be independently confirmed by cybersecurity agencies.
“Too many eyes. We will not sale (sic) data to anyone. We can’t if we even want to: personally deleted data from drive (Only copy),” the group said on Tuesday.
“Sorry too (sic) 10.2000 Australian whose data was leaked . . . very sorry.”
But before that, details of more than 10,000 people were apparently freely released.
Home Affairs Minister Clare O’Neil said she was “incredibly concerned” that data reportedly included Medicare numbers — which Optus had never advised were part of the compromised information from the breach.
“Consumers have a right to know exactly what individual personal information has been compromised in Optus’ communications to them,” she said. Optus has not paid any ransom.
The Australian Federal Police, State police, cybersecurity agencies and banks have been working around the clock to deal with the breach and track down the hackers.
Attorney-General Mark Dreyfus revealed on Tuesday that the US Federal Bureau of Investigation was also involved in those efforts.
“It is a very serious matter which I know is worrying millions of Australians today,” he said.
“All Optus customers should be vigilant.
“Do not click on any links in a text message. Check all website sources — just check that it is an official website before taking any future action.
“If you are unsure about why you are being asked to divulge private information, stop and verify who the person or organisation is that is making that request of you.”
Optus chief executive Kelly Bayer Rosmarin said the company was doing everything it could to help customers and she wasn’t going anywhere.
“We are not the villains,” she told ABC radio. “We definitely know this is the work of some bad actors, and really they are the villains in this story.
“It’s clearly not as simple as has been written in the press, but what I can say is our customer data is encrypted and there are multiple levels of security.”
Ms O’Neil on Monday night described the breach as “quite a basic hack”.
Shadow cybersecurity minister James Paterson said he was concerned about the contradictions between the two versions of events.
“Customers have a right to know whether or not this was a sophisticated attack, as Optus claims, or a basic attack, as the minister has asserted,” he said.
“The Government should share what they know which has led them to this conclusion.”
The Opposition wants the Government to waive fees for people who need new passports because of the hack. The AFP have launched Operation Hurricane to identify the criminals behind the alleged breach.
Greens justice spokesman David Shoebridge questioned whether the AFP was the right agency to lead the investigation, pointing out the Auditor-General had ranked the police poorly for their track record on data and IT security.
“We’re seeing our worst data breach nightmares playing out in real time, as our existing laws and data protection systems are no match for Optus hackers,” he said.
Optus customers who have had their data misused can get support from charity IDCare. There is also further advice for them on the website of the Office of the Australian Information Commissioner.
The Government has flagged it will pursue tougher penalties and cybersecurity measures later this week.