Optus, the second largest mobile operator in Australia, continues to feel the impact after suffering that country’s largest ever cybersecurity breach.

Last week the operator, owned by Singapore Telecommunications Ltd, confirmed a cyberattack had compromised the data belonging to millions of its customers.

As many as 9.8 million accounts may be compromised, equivalent to 40 percent of Australia’s population. Stolen data includes customers’ names, dates of birth, phone numbers, email addresses, and, for a subset of customers, addresses, ID document numbers such as driver’s licence or passport numbers.

Unhappy Minister

And it seems the Australian government is not at all happy with Optus and its security regime.

Clare O’Neil, minister for Home Affairs and Cybersecurity, appeared on ABC730 on Monday, and said the government has received “quite detailed” information about the data stolen from Optus in the hack.

She confirmed the breach had exposed basic personal information of 9.8 million Australian citizens.

The country has a population of 25.7 million people.

But even worse, extensive (and sensitive) personal data such as license numbers and passport numbers for 2.8 million people has also been leaked into the public realm.

The data taken, the minister said, “effectively amounts to 100 points of ID check,” making the “scope for identity theft and fraud quite significant in particular for those 2.8 million Australians.”

When asked why a telecoms company would have that amount of sensitive public information, the cybersecurity minister disputed Optus’ claims that it was a victim of a “sophisticated” hack, and said the attack was not at all sophisticated and was in fact “quite a basic hack” and Optus had “left the window open.”

The minister confirmed she was not buying the line from Optus that it was a sophisticated attack, bluntly saying it wasn’t.

She also said that Optus’ offer of one year’s credit monitoring for victims was “not an adequate response,” and warned the operator this was “not the end of the story.”

Clare O’Neil also noted that Australia in general was probably about a “decade behind” in adequate privacy protections and about “five years behind in cyber protections.”

Hacker apology

Meanwhile the Guardian reported that the alleged Optus hacker has had a change of heart and has apologised for the data breach and dropped the ransom threat.

It comes after an online account sought a ransom after it published records of 10,000 Optus customers, and threatened to release more, before having a change of heart, retracting the threat and deleting all demands.

The hacker had on Monday night allegedly uploaded a text file of 10,000 records to a data breach website and promised to leak 10,000 more records each day for the next four days unless Optus paid $1m in cryptocurrency.

The text leak contained names, dates of birth, email addresses, driver’s licence numbers, passport numbers, Medicare numbers, phone numbers and address information, the Guardian noted. It also included more than a dozen state and federal government email addresses, including four from the defence department and one from the Department of Prime Minister and Cabinet.

But by late Tuesday morning, the alleged attacker had apparently had a change of heart, deleting their posts and claiming they had also deleted the only copy of the Optus data.

“Too many eyes. We will not sale [sic] data to anyone. We can’t if we even want to: personally deleted data from drive (Only copy),” they reportedly said in a new post.

“Sorry too [sic] 10,200 Australian whos [sic] data was leaked.

“Australia will see no gain in fraud, this can be monitored. Maybe for 10,200 Australian but rest of population no. Very sorry to you.”

The alleged attacker apologised to Optus and said they would have reported the exploit if Optus had made it possible to report.

Optus reportedly said no ransom has been paid.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
