AUSTRALIA (Commonwealth Union)_ The personal information of about 10 million members, or 40% of the population, was stolen last week in what Optus, a sizable Australian telecommunications provider, called a cyber-attack. According to some analysts, it could be the worst data leak in Australia’s history.
More distressing and dramatic occurrences, however, have occurred this week, including requests for ransom, irate public discussions, and doubts about the validity of the “hack.”
There are also serious concerns about Australia’s data and privacy procedures. The government has already acknowledged that the nearly 2.8 million people whose passport or driver’s license details were stolen face a “very significant” risk of identity theft and fraud.
Optus asserted that it was investigating the incident in addition to notifying the authorities, financial institutions, and regulatory bodies. Local media reports that the intrusion appears to have external roots.
Optus CEO Kelly Bayer Rosmarin apologized passionately, describing the incident as a “sophisticated attack” and boasting about the company’s superior cybersecurity. “Obviously, I’m upset that there are people out there that want to do this to our clients, and I’m unhappy that we weren’t able to stop it,” she remarked.
A user of the internet requested Optus pay a ransom of $1 million (A$1.5 million; £938,000) in cryptocurrency early on Saturday. The person also released data samples on a message board. The company was given a week to make good on its debt, after which the additional stolen data would be sold in stages.
Some experts believed the sample data, which had about 100 entries, appeared to be accurate despite the fact that investigators have not yet verified the user’s claims.
Jeremy Kirk, a tech writer based in Sydney, said that the suspected hacker provided a detailed breakdown of how they got the data. The user, who insisted they received the information using a widely accessible software interface, denied Optus’s claims that the breach was “advanced”. “Not requiring authentication Internet access is available to everyone,” they reportedly said in a statement.
