Optus is investigating accusations that hackers are demanding $US1 million in cryptocurrency in exchange for millions of customer records.
If the telco does not comply within a week, the stolen data would be auctioned for $300,000, according to unsubstantiated claims made in online forums.
It follows Optus’ announcement that it would contact account holders whose personal information may have been stolen in this week’s huge data breach.
The corporation was criticized this week after it disclosed a massive data breach in which the personal information of 9.8 million customers dating back to 2017 were taken (pictured, an Optus store in Sydney)
Customers as far back as 2017 may have been compromised, as Optus retains customer verification information for six years.
This week, Optus was criticized for disclosing a massive data breach in which the personal information of 9.8 million users was compromised.
The telecommunications company said that no passwords or bank information were compromised, but other personal information may have been taken.
Names, addresses, birth dates, phone numbers, driver’s license and passport information were among the data exposed to the cyber attack.
In an alarming turn of events, the Australian Federal Police is investigating accusations that stolen customer data and identification numbers may be for sale on the dark web and other online forums.
A representative for the Australian Federal Police stated, “The AFP is deploying specialized capabilities to monitor the dark web and other technologies, and will not hesitate to take action against lawbreakers.”
The maximum sentence for purchasing stolen credentials is ten years in prison.
Optus stated that it would be unable to comment on certain parts of the matter while the AFP investigates.
In a statement released on Saturday, the firm indicated that it will reach out to those whose information was exposed.
Optus is contacting first those customers whose passport or driver’s license numbers were compromised in the major data hack (pictured, a stock photo)
Optus will contact consumers to inform them of the impact, if any, of the cyber assault on their personal information, the company said.
“On Saturday, we will notify all clients whose ID document number may have been hacked,” the statement reads.
The first consumers to be contacted are those whose passport or driver’s license details were compromised in the major data leak.
“We will contact clients who are unaffected last,” read the statement.
The security incident raised questions about how long telecoms should preserve user data and how they should compensate customers when such breaches occur.
It was found that Optus opposed planned 2020 legislative amendments that would have let users to delete their personal data.
The business stated that getting a system up and running included “major obstacles and expenses.”
The Morrison administration initiated a review of the nation’s Privacy Act, with the attorney-office general’s conducting a survey to determine whether Australians should have the option to delete their personal data.
Users would have the right to take immediate legal action in the event of a breach of their personal information.
As the Australian Federal Police is now investigating the cyber attack, Optus cannot comment on specific parts of the incident, according to a company statement.
Optus rejected both modifications.
In the meanwhile, Optus warned that Thursday’s cyber attack might launch a wave of criminal schemes, including phishing calls, emails, and text messages.
It stated that its text messages and emails to consumers will not contain internet links, therefore if a link is sent, it may be a hoax.
Saturday’s announcement from Optus urged users to refrain from clicking any links.
“As the Australian Federal Police is still investigating the cyber attack, Optus cannot comment on some parts of the incident,” the company stated.
“Given the ongoing investigation, Optus will not comment on the veracity of client data purported to be held by third parties and recommends all customers to exercise vigilance in all online transactions and interactions,” the statement reads.
The CEO of Optus, Kelly Bayer Rosmarin (pictured), said she felt “horrible” that the incident occurred under her watch.
Kelly Bayer Rosmarin, CEO of Optus, offered an impassioned apology for the international hack, expressing regret that the company had not prevented it.
The CEO of the organization admitted she felt “awful” that the security lapse occurred under her watch.
She remarked with a glum expression, “I believe it’s a combination of various feelings.”
‘Of course I am furious that there are people in the world who would do this to our clients.
I’m unhappy we were unable to avoid it.
Ms. Bayer Rosmarin further disclosed that the IP addresses associated with the hackers had moved throughout numerous European nations and that the breach was “sophisticated.”
She noted that it was too early to determine whether a criminal organization or another nation was behind the attack.
The potentially compromised information dates back to 2017.
Ms. Bayer Rosmarin stated that the reported amount of 9.8 million users whose data was compromised was the ‘worst case scenario’ and that Optus anticipated a far smaller number.
Andrew Sheridan, vice president of Optus, stated that human error was not to blame for the incident.
Optus has apologized for the breach and has begun contacting millions of consumers on Friday.
The telecommunications company stated that distributing information via news channels was the ‘quickest and most effective way’ to alert customers and convey the gravity of the situation.
The Daily Mail Australia requested comment from Optus.