Optus, Australia’s largest telecommunications company, disclosed last week that personal data from around 10 million users – roughly 40% of the population – was taken in a cyber-attack.

According to analysts, this is the worst data breach in Australian history.

This week, however, has seen more dramatic and ugly events, including ransom demands, furious public debates, and questions over whether this was a “hack” at all.

It has also raised serious concerns about how Australia manages data and privacy.

The cyber alarm sounded last Thursday.

Optus, a subsidiary of Singapore Telecommunications Ltd, made the breach public around 24 hours after seeing suspicious activity on its network.

The data of current and past customers, including names, birthdates, home addresses, phone and email contacts, and passport and driving licence numbers, was taken, according to Australia’s second-largest telecommunications provider. However, it emphasized that financial information and account passwords had not been stolen.

The government has recently stated that those whose passports or driver’s license details have been stolen (approximately 2.8 million people) face a “very considerable” risk of identity theft and fraud.

Optus stated that the incident was being investigated and that they had contacted police, financial institutions, and government agencies. However, according to local media, the intrusion looks to have originated elsewhere.

Optus CEO Kelly Bayer Rosmarin issued an impassioned apology, calling it a “sophisticated attack” and claiming the firm had extremely good cybersecurity.

A ransom demand was made.

An internet user posted data samples on an online forum early Saturday and sought a ransom of AUD$1.5 million (USD$1 million) in bitcoin from Optus.

According to the individual, the corporation had a week to pay or else the additional stolen data would be auctioned off in phases.

Investigators have yet to verify the user’s allegations, but several experts have already stated that the sample data, which had around 100 entries, seemed authentic.

A significant lack of security.

Jeremy Kirk, a Sydney-based tech writer, claimed he contacted the alleged hacker and received a thorough description of how they acquired the data.

The user disputed Optus’ claim that the hack was “advanced,” claiming that the data was obtained using a widely available software interface.

“No authentication needed. That is bad access control. All open to internet for anyone to use.”

More stolen details are being revealed as data travels.

The hacker published 10,000 customer records on Tuesday and renewed the ransom demand.

However, just hours later, the person apologized and erased the previously released data sets, claiming it was a “mistake.”

“There are too many eyes. We will not sell data to anyone,” they posted. “Optus sincerely apologizes for this. I hope everything goes smoothly from here.”

This raised debate about whether Optus had paid the ransom – something the company denies – or whether the user had been frightened by the police inquiry.

To make matters worse, others on the forum had duplicated and proceeded to share the now-deleted data sets.

It was also revealed that certain customers’ Medicare information – government identity numbers that might provide access to medical records – had been taken, something Optus had previously not disclosed.

The business announced late Wednesday that this had affected about 37,000 Medicare cards.

“This might be Australia’s most devastating breach.”

Since last week, Optus has been flooded with messages from irate consumers.

People have been cautioned to be on the lookout for indicators of identity theft as well as opportunistic fraudsters allegedly taking advantage of the uncertainty.

A class-action lawsuit against the firm might be launched soon. “This is probably the most significant privacy breach in Australian history, both in terms of the number of persons affected and the type of the material released,” Slater and Gordon Lawyers’ Ben Zocco said.

The government described the hack as “unprecedented,” blaming Optus for “essentially leaving the window open” for sensitive data to be stolen.

Cyber Security Minister Clare O’Neil was challenged on ABC television, “You definitely don’t appear to be believing Optus’ narrative that this was a sophisticated attack?”

“No, it wasn’t. So no,” Ms. O’Neil said. The event attracted a lot of online attention.

On Tuesday, Ms. Bayer Rosmarin told News Corp Australia: “We have several levels of defence. So it is not the case that there are entirely accessible APIs [software interfaces] lying around.

“I think most consumers realize that we are not the villains,” she said, adding that Optus couldn’t comment further since the inquiry was continuing.

As consumers hurry to safeguard themselves, the corporation has been asked to cover the cost of replacing passports and driving licenses.

‘We’re a decade behind in cyber security.’

According to Ms. O’Neil, the incident demonstrates how far Australia lags behind the rest of the globe in terms of privacy and cybersecurity.

“We’re about a decade behind… where we should be,” she told ABC.

On the subject, both political parties have exchanged blame. Opposition MPs have accused the Labor administration of being “asleep at the wheel.” Ms. O’Neil identified two areas that require immediate improvement.

She believes the government should be allowed to penalize firms like Optus more effectively. In several nations, the corporation might have faced fines of hundreds of millions of dollars, but Australia’s penalty is capped at around $2 million, she added.

She also wants to extend last year’s cyber security legislation to cover telecoms businesses.

“At the time, the telecoms industry stated, ‘Don’t worry, we’re incredibly strong at cybersecurity.’ We’ll do it without supervision. This episode, I believe, brings that assumption into doubt.”

Security experts have also advised that data retention regulations be changed so that telecommunications firms are not required to hold sensitive information for as long. According to experts, former consumers should also have the right to ask businesses to delete their data.

According to Optus, existing regulations oblige it to maintain identifying data for six years.

Other business experts have suggested that customers, rather than the industry regulator, should be able to sue corporations that lose control of their information.

You are welcome to put this blog article on your website, provided you also append an active link to our website “Source: https://resources.rhyno.io”
