An online figure who has identified themselves as the Optus hacker has apologised to the thousands of Australians who had their personal data leaked as they backtracked on their demand for a whopping sum of money.
The alleged hacker, known only as Optusdata on the site Breached Forum, retracted their demand for AUD$1.5 million in Monero cryptocurrency after claiming they would release 10,000 records daily.
“Sorry to 10,200 Australians whos (sic) data was leaked. Australia will see no gain in fraud, this can be monitored. Maybe for 10,200 Australians but rest of population no. Very sorry to you,” the post read.
“Deepest apology to Optus for this. Hope all goes well from this. Optus if your (sic) reading we would have reported exploit if you had method to contact. No security mail, no bug bounty, no way to message.
“Ransom not payed (sic) but we don’t care anymore. Was mistake to scrape publish data in first place.”
Earlier on Tuesday the account released data belonging to 10,000 customers and posted on the same forum a warning that personal information would continue to be released each day the ransom was not paid.
After the update from Optusbreach, Home Affairs and Cyber Security Minister Clare O’Neil said she was “incredibly concerned” about reports that the data was being circulated for free.
“I am incredibly concerned this morning about reports that personal information from the Optus data breach, including Medicare numbers, are now being offered for free and for ransom,” she said in a statement.
“Medicare numbers were never advised to form part of compromised information from the breach. Consumers have a right to know exactly what individual personal information has been compromised in Optus’ communications to them. Reports today make this a priority.
“I want to re-assure Australians that the full weight of cyber security capabilities across government, including the Australian Signals Directorate, the Australian Cyber Security Centre and the Federal Police are working round the clock to respond to this breach.”
Almost 10 million current and former Optus customers have been affected by the breach.
Among those affected by the attack are 2.8 million who have had more important identity records released including their passport, driver’s license, email, home address, date of birth and phone number.
The ransom note released by the hackers on Tuesday morning claimed they were in possession of more than 3.8 million “identity document numbers”, 3.2 million driver’s license numbers and four million user data records.
There were also reports Medicare numbers are being released by the alleged attacker.
Optusbreach also said they had advised potential buyers it would cost US$150,000 for user data records and $200,000 for addresses.
“Four more days to decide Optus!” the ransom note read.
“Since they not payed (sic) yet here is 10,000 record from address file. Will release 10,000 record every day for four day when they not pay.”
The data already leaked by the hackers has caused major concerns for many Australians, with Trevor Long, a tech expert at EFTM, telling Sky News Australia the information could allow those in possession of it to take out credit on behalf of other people.
“I looked at the data and it looks as legit as the first 100 samples he left but I think it’s even more disturbing because we’re now seeing Medicare card numbers in this latest data,” he told AM Agenda.
“I found 3,500 driver’s license numbers, 260 odd passport numbers and around 55 Medicare numbers so we’re talking about date of birth, address, phone numbers. This is hardcore information in terms of your identity.
“With that information they have the 100 points of identification to take out credit which will affect your credit rating in the future.”
Mr Long added Optus could be forced to pay up to $1 billion to Australians affected by the breach as they look to replace their personal documents and forms of identification.
“It will come at a cost and these are the things that Optus is going to have to bear the cost of replacing driver’s license numbers, the cost of identity protection to people is going to be in the billions for Optus I estimate,” he said.
Despite Optus facing a major cost in reimbursing the affected customers, Mr Long had warned the telco against paying the ransom because there was “no guarantee” the hackers would delete the data.
Labor MP and Chair of the Parliamentary Joint Committee on Intelligence and Security Peter Khalil also told Sky News Australia paying the ransom was not the right response.
“My personal view would be in my experience that you don’t reward this kind of behaviour,” he told AM Agenda host Peter Stefanovic.
“Obviously I don’t know all the details, I haven’t been briefed but my personal view would be that you should not be rewarding this kind of criminal behaviour.”