SYDNEY (AFP) – Australia’s government said yesterday it was “incredibly concerned” over the reported release of customers’ personal data stolen from a telecoms company in one of the largest hacks in the country’s history.
Information on up to 9.8 million Australian customers of telecoms provider Optus – more than one-third of the country’s population – may have been compromised in the cyberattack, which was revealed last week.
An anonymous poster who claimed to be behind the data breach reportedly released the personal data of more than 10,000 people late on Monday.
In posts to a hacking forum seen by AFP, the purported cybercriminal threatened to release more customer records daily unless a USD1 million ransom was paid by Optus.
But yesterday morning, the poster appeared to perform a U-turn.
“Too many eyes. We will not sale data to anyone,” said a post written in broken English on the forum, claiming that the only copy of the information hacked from Optus had been deleted.
“Sorry too 10,200 Australian whos data was leaked,” the post read.
The Optus breach led to the theft of customers’ names, birth dates, phone numbers, addresses, driver’s licence information and passport numbers, the company said.
The data released late on Monday also reportedly included people’s Medicare health service numbers, according to cybersecurity journalist Jeremy Kirk, who said he had independently verified some earlier customer information released by the poster.
Home Affairs Minister Clare O’Neil said she was “incredibly concerned this morning about reports that personal information from the Optus data breach, including Medicare numbers, are now being offered for free and for ransom”.
O’Neil, who has chastised Optus for failing to better protect its customers, said the government had not been advised that Medicare information formed part of the breach.
“Consumers have a right to know exactly what individual personal information has been compromised,” she said.
O’Neil has previously dismissed Optus’ claims that the breach was a “sophisticated” hack, telling national broadcaster ABC that the company “effectively left the window open”.
Australia was about a decade behind on privacy protections and five years behind on cybersecurity, both of which needed to be addressed, she said.