Massive data breach shakes Australia; 40 pc of population data stolen

Thursday, 29 September 2022 (12:50 IST)
Canberra: Australia is reeling under the shock of what is being described as the worst data breach in the country's history.

Last week, Australian telecommunications giant Optus revealed that about 10 million customers -- about 40 per cent of the population -- had personal data stolen in what it called a cyber-attack, BBC reported.

This week has seen more dramatic and messy developments including ransom threats, tense public exchanges and scrutiny over whether this constituted a "hack" at all.

It has also ignited critical questions about how Australia handles data and privacy, BBC said.

The alarm was sounded last Thursday when Optus -- a subsidiary of Singapore Telecommunications Ltd -- went public with the breach about 24 hours after it noticed suspicious activity on its network.

Australia's second biggest telecoms provider said current and former customers' data was stolen including names, birthdates, home addresses, phone and email contacts, and passport and driving licence numbers. It said that payment details and account passwords were not compromised, the BBC report said.

On Saturday, an Internet user published data samples on an online forum and demanded a ransom of $1m in cryptocurrency from Optus.

Investigators are yet to verify the user's claims, but some experts quickly said the sample data -- which contained about 100 records -- appeared legitimate.

Sydney-based tech reporter Jeremy Kirk contacted the purported hacker and said the person gave him a detailed explanation of how they stole the data, the report said.

The user contradicted Optus's claims that the breach was "sophisticated", saying they pulled the data from a freely accessible software interface.

In another escalation on Tuesday, the person claiming to be the hacker released 10,000 customer records and reiterated the ransom deadline.

Just hours later, the user apologised -- saying it had been a "mistake" -- and deleted the previously posted data sets, the BBC reported.

That sparked speculation about whether Optus had paid the ransom -- which the company denies -- or whether the user had been spooked by the police investigation.

Adding to the problem, others on the forum had copied the now-deleted data sets, and continued to distribute them.

It also emerged that some customers' Medicare details -- government identification numbers that could provide access to medical records -- had been stolen, something Optus did not previously disclose.

A class-action lawsuit could soon be filed against the company. "This is potentially the most serious privacy breach in Australian history, both in terms of the number of affected people and the nature of the information disclosed," said Ben Zocco from Slater and Gordon Lawyers.

The company has faced calls to cover the costs of replacement passports and driving licences, as people scramble to protect themselves. (UNI)
