What’s happening with the Optus data breach? What we know about the alleged hacker’s ransom, data release and apology
The fallout from last week’s cyber attack on telecommunications giant Optus, which exposed the details of current and former customers, is continuing.
The leaked information includes dates of birth, names, phone numbers and, in some cases, addresses and drivers licence numbers.
Nearly a week after the attack, we’re still trying to get a clear picture of what happened and what it means for affected people.
Here’s the latest.
Why am I hearing about a hacker making ransom demands?
You might have seen this screenshot from BreachForums floating around — it was being shared on social media this morning:
It features a threat from someone claiming to have the data asking for a ransom of $US1 million ($1.5 million) on Saturday.
The user claims to be selling the data, which includes email addresses, dates of birth, first and last names, phone numbers, drivers’ licence and passport numbers.
The red writing underneath shows the supposed hackers threatening to release 10,000 records for every day the ransom is not paid within a week.
The user claimed 10,000 records were published this morning, but people were warned not to click any links in the post.
Some cyber security experts believe the account is legitimate, but it has not been confirmed by Optus or the Australian Federal Police (AFP).
The ABC has contacted both for a response.
Guardian Australia tech reporter Josh Taylor said he’d seen some of the released files and they looked legitimate.
“It’s got names, date of births, email addresses, postal addresses, phone numbers, Medicare card numbers, passport numbers, drivers licence numbers — it’s got everything,” he said.
“These are what is used in the 100 points of documentation you need to prove your identity with a lot of corporations.”
A few hours later, the user appeared to have apologised:
Here’s the full text of that post:
“Too many eyes. We will not sale data to anyone. We cant if we even want to: personally deleted data from drive (Only copy)
“Sorry too 10.200 Australian whos data was leaked.
“Australia will see no gain in fraud, this can be monitored. Maybe for 10.200 Australian but rest of population no. Very sorry to you.
“Deepest apology to Optus for this. Hope all goes well from this
“Optus if your reading we would have reported exploit if you had method to contact. No security mail, no bug bountys, no way too message.
“Ransom not payed but we dont care any more. Was mistake to scrape publish data in first place.”
What does the Optus CEO say?
The ABC’s Peter Ryan spoke to Optus boss Kelly Bayer Rosmarin about a ransom demand this morning.
She said she couldn’t say much because of the Australian Federal Police investigation, but confirmed the company was aware of the post:
“We have seen that there is a post like that on the dark web and the Australian Federal Police is all over that,” she said.
Here’s what an AFP spokesperson said about the alleged ransom on Saturday:
“The AFP is aware of reports alleging stolen Optus customer data and credentials may be being sold through a number of forums, including the dark web.
“The AFP is using specialist capability to monitor the dark web and other technologies and will not hesitate to take action against those who are breaking the law.”
How will I know if my ID numbers have been stolen?
You should have received an email or text from Optus by now.
Here’s an update from Optus yesterday morning:
“Optus has now sent email or SMS messages to all customers whose ID document numbers, such as licence or passport number, were compromised because of the cyber attack.”
What does the Optus email look like?
Here’s a screenshot of an email sent to a customer earlier this week:
If I haven’t got an email yet, am I in the clear?
Not necessarily.
As of yesterday morning, Optus said it was still in the process of contacting people whose other details, such as email address, have been illegally accessed.
Optus says its official emails and text messages will not have hyperlinks in them.
If you receive an email or text that looks like it’s from Optus and it has a link, do not click that link — it could be a scam.
Who can I call for help?
The Office of the Australian Information Commissioner (OAIC) says anyone who thinks they’re involved should contact Optus in the first instance.
The office said to try the Optus website first before calling the company on 133 937.
The OAIC has more details on steps you can take on its website.
What is Optus doing to help affected people?
It’s offering “the most affected current and former customers” a free 12-month subscription to credit monitoring and identity protection service Equifax Protect.
“The most affected customers will be receiving direct communications from Optus over the coming days on how to start their subscription at no cost,” the company said yesterday.
What else can customers do?
IDCare, the national identity and cyber support service, has put out a fact sheet on the breach, but said people should consider their personal circumstances.
It recommended the following precautionary proactive responses:
Here’s where to go to request a credit history:
And here’s where to go to request a credit ban:
NSW Customer Service Minister Victor Dominello says Optus customers whose drivers licence details have been compromised by the hack should apply for a replacement licence.
And, while you’re thinking of cyber security, it might be an idea to head to the HaveIBeenPwned website and check to see if your mobile number and email address have appeared in recorded data breaches.
It’s a free site run by Troy Hunt, an Australian cybersecurity expert who keeps a database of known leaked data.