Estimated reading time: 2 minutes, 36 seconds

Australia's 2nd largest telecom company falls victim to one of the country's biggest data breaches Featured

Australia's 2nd largest telecom company falls victim to one of the country's biggest data breaches Kaleb Nimz

Optus, Australia’s second-largest telecommunications company recently fell victim to a data breach. The hacker who goes by the name of Optusdata claimed to have stolen 11.2 million sensitive customer records – threatening to sell the data if the organization did not pay $1M USD in  Monero cryptocurrency.

According to Australian Federal Police, the Optus data breach is one of the largest cyberattacks the country has ever seen and is currently under investigation.

"We are devastated to discover that we have been subject to a cyberattack that has resulted in the disclosure of our customers’ personal information to someone who shouldn’t see it," said Kelly Bayer Rosmarin, Optus CEO.

The threat actor was able to access Optus’ data through an unsecure API endpoint prior to the discovery by the company on September 22, 2022. Data stolen included customer name, date of birth, phone number, driver licenses and passport numbers. Fortunately, the cybercriminal was unable to access any account passwords or financial information.

The hacker uploaded a sample of the stolen data on a popular data leak site called BreachForums claiming that they had over 11 million user records in their possession. The hacker included a note that read, “Optus if you are reading! Price for us to not sale [sic] data is 1,000,000$US! We give you 1 week to decide.”

With Optus refusing to pay and Federal authorities closing in, the threat actor seemed to have a change of heart. A few days after making the original demand the cybercriminal back tracked stating that they had deleted the data. The post stated, “Too many eyes. We will not sale data to anyone. We can't if we even want to: personally deleted data from drive (only copy).”

The hacker even went as far as to apologize to Optus and the Australian citizens that fell victim to the breach calling it a “mistake.”. The apology which was posted on BreachForums stated, “Deepest apology to Optus for this. Hope all goes well from this” even going so far as to claim that they would have reported the unsecure API if there was a way to notify the company.

Prior to the apology the Australian police force put together a task team called “Operation Hurricane” in an effort to track down the criminals. If discovered, those who orchestrated the Optus breach could face up to 10-years in prison.

Optus is currently notifying victims of the data breach - offering a 12-month subscription to Equifax Protect, a credit monitoring service to those most affected. Victims can also get a new driver’s licenses and have their old ones destroyed via the South Australia's Minister for Infrastructure, Transport, Energy & Mining free of charge.

Due to the breach the Australian government is considering a tougher stance on data breaches going forward. “A very substantial reform task is going to emerge from a breach of this scale and size,” Cybersecurity Minister Clare O’Neil told Australian Broadcasting Corp.

While O’Neil cited that some countries would have fined Optus “hundreds of millions of dollars” for a breach of this proportion – Australia current laws don’t allow for a company to be financially liable.

Read 583 times
Rate this item
(0 votes)
Danielle Loughnane

Danielle Loughnane earned her B.F.A. in Creative Writing from Emerson College and has been working in the marketing and data science field since 2015. 

https://danielleloughnane.com/

Visit other PMG Sites:

PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.