Advertisement

‘Bad news’: Optus hacker’s ominous next threat

The alleged hacker behind the Optus cyber attack targeting the data of millions of Australians has released a tranche of the data, as they step up their ransom demands.

In the updated claim on Tuesday morning, the hacker – known only as “Optus Data” – demanded the telco get in touch about paying the $US1 million ($1.53 million) in cryptocurrency ransom.

Global IT security expert Jeremy Kirk, who has been in contact with the alleged hacker, revealed latest step on Tuesday morning.

“Bad news,” he tweeted.

“The Optus hacker has released 10,000 customer records and says a 10K batch will be released every day over the next four days if Optus doesn’t give into the extortion demand.”

The alleged hacker also mentions Optus’ “$9 billion revenue” and says “$US1 million small price to pay”.

They threaten to release a further 10,000 records every day for four days unless the company pays up.

Up to 10 million Australians are thought to have had their data exposed in the breach, which Optus admitted last week.

The telco said on Monday it had emailed or texted all those customers who had identification documents compromised in the cyber attack. Payment details and account passwords have not been compromised.

A federal police investigation has also been launched into the data breach.

Operation Hurricane has been established by the AFP to identify the people behind the breach, as well as prevent identity fraud of those affected.

Assistant Commissioner of Cyber Command Justine Gough said the investigation into the source of the data breach would be complex.

“We are aware of reports of stolen data being sold on the dark web and that is why the AFP is monitoring the dark web using a range of specialist capabilities,” she said.

“Criminals, who use pseudonyms and anonymising technology, can’t see us but I can tell you that we can see them.”

The task force will work with the Australian Signals Directorate, overseas police as well as Optus.

Ms Gough said customers should be vigilant in monitoring unsolicited texts, emails and phone calls following the hack.

“The AFP will be working hard to explain to the community and businesses how to harden their online security because ultimately it is our job to help protect Australians and our way of life,” she said.

Slater and Gordon Lawyers are investigating whether to launch a class action lawsuit against Optus on behalf of former and current customers.

Class actions senior associate Ben Zocco said the leaked information posed a risk to vulnerable people, including domestic violence survivors and victims of stalking.

Consequences may be less severe for other customers but the information could easily lead to identity theft, he added.

Home Affairs Minister Clare O’Neil launched a scathing attack on Optus in parliament.

Ms O’Neil said responsibility laid squarely at the feet of the telco giant and that the government was looking at ways to mitigate the fallout.

“The breach is of a nature that we should not expect to see in a large telecommunications provider in this country,” Ms O’Neil said on Monday.

“We expect Optus to continue to do everything they can to support their customers and former customers.”

Ms O’Neil called on the telco to provide free credit monitoring to former and present customers who had their data stolen in the breach.

Optus has announced it will provide the most affected current and former customers with a free 12-month credit monitoring subscription to Equifax Protect.

Ms O’Neil said the government was looking to work with financial regulators and the banking sector to see what could be done to protect affected customers.

“One significant question is whether the cyber security requirements we place on large telecommunications providers in this country are fit for purpose,” she said.

“In other jurisdictions, a data breach of this size will result in fines amounting to hundreds of millions of dollars.”

Prime Minister Anthony Albanese said the Optus data breach was a “huge wake-up call”.

As the government prepares to introduce new cybersecurity measures, Mr Albanese said additional protections would mean banks and other institutions would be informed much faster when a breach happened, so personal data could not be used.

-with AAP

Stay informed, daily
A FREE subscription to The New Daily arrives every morning and evening.
The New Daily is a trusted source of national news and information and is provided free for all Australians. Read our editorial charter
Copyright © 2024 The New Daily.
All rights reserved.