Optus, an Australian telecoms giant company (a wholly-owned subsidiary of Singapore telecommunications group, Singtel) is facing a controversy over data breach, since last week. It has become the latest high-profile victim of a data breach with the alleged attacker demanding payment to buy back millions of customer records, having already made 10,000 of them public online.
The cybersecurity experts believe that an account called ‘optusdata‘ in an online forum, is the account of a hacker. It had threatened to publish the data of 10,000 Optus customers per day unless they receive $1 million in cryptocurrency.
However, the account holders posted on 27 September 2022, that they had deleted the data due to ‘too many eyes’, were withdrawing their ransom demand and were sorry for having already leaked data of 10,200 Australians.
However, it does not change the fact that someone was able to access these customer records, including names, dates of birth, drivers license numbers, addresses, phone numbers, medicare numbers and passport numbers, in the first place, leaving many Optus customers feeling vulnerable.
The Australian federal government has blamed Optus for the breach, flagged an overhaul of privacy rules and higher fines, and suggested the company had “effectively left the window open” for hackers to steal data.
However, Optus and the Australian Federal Police, which have been working with the FBI and other offshore law enforcement agencies to probe the cyberattack, declined to comment on whether they believed the ‘optusdata‘ account holders were behind the breach.
In an unprecedented move, all of Australia’s states and territories will allow motorists affected by the Optus data breach to request a new driver’s license number. Authorities make it tough to change licence details to prevent fraud.
Since around 10 million Australians are affected by the Optus data breach, therefore all Australian states and territories are allowing the motorists to apply for a new driver’s license number on strict conditions.
Optus CEO Kelly Bayer Rosmarin issued a heartfelt apology, but she also said the company is not at fault and urged customers to be on high alert.
Australian Prime Minister Anthony Albanese said when customers give their personal data to companies, they expect the information to be kept safe. He also said that the incident should serve as a wakeup call to businesses in Australia.
Australia’s Minister for Home Affairs Clare O’Neil said that the country was about five years behind where it needed to be in cyber protection. She added that the incident was a major error on Optus’ part and, breach of such a scale, involving a company such as Optus, would have resulted in significant financial penalties in other countries.
Jeremy Kirk, a cybersecurity researcher and writer who said he had been in contact with the purported hacker, tweeted that it was unclear why they changed their mind but “this doesn’t change the risk for anyone exposed”. He wrote, “The Optus data has been stolen, and we can’t trust that person. No guard should be let down“.
This incident has raised the concern not only in Australia but to the other nations too as in today’s virtual world the most important and valuable thing is the data that is being required in every field. And if it is not safe then the individuality and integrity of human beings is at a high risk.