Optus

Online account claims it published records of 10000 customers and threatened to release more before change of heart.

It is understood that no money was transferred into the account between the SMS being sent and CBA blocking it. We can’t if we even want to: personally deleted data from drive (Only copy),” they said in a new post. Optus said no ransom has been paid. The text leak contained names, dates of birth, email addresses, driver’s licence numbers, passport numbers, Medicare numbers, phone numbers and address information. The Commonwealth Bank of Australia (CBA) said on Tuesday it had blocked an account referenced in an SMS message designed to extort $2,000 from victims of the Optus data breach. We will not sale [sic] data to anyone.

Australians caught up in a massive breach of Optus data will be able to change their driver's licence numbers and get new cards, with the telco expected to ...

We will not sale (sic) data to anyone. They said in a statement it was "not good enough" for the Department of Foreign Affairs to advise on its website that "if you choose to replace your passport you'll have to pay" as the department was not responsible for the data breach. We cant if we even want to: personally deleted data from drive (Only copy)," the group said on Tuesday. "The government isn't responsible for Optus and their data breach, but they're sure as hell responsible for coordinating a response," he said. "We will request Optus repays the cost of the new licences to the Victorian government," a spokesperson for the state's Transport department said. Australians caught up in a massive breach of Optus data will be able to change their driver's licence numbers and get new cards, with the telco expected to bear the multi-million cost of changeover.

Canberra claims the No 2 telecom 'effectively left the window open' to hackers.

Minister For Cyber Security Clare O’Neil said she was “incredibly concerned … She added that most customers understand that “we are not the villains” and that the company had not deliberately done anything to put data at risk. The Australian federal government has blamed Optus for the breach, suggested the company had “effectively left the window open” for hackers to steal data, and flagged an overhaul of privacy rules and higher fines.

Reporter Josh Taylor and Jane Lee discuss whether the Optus data breach was a 'sophisticated attack' on the telco, or a failure of the company's own ...

But we increasingly need our readers to fund our work. And we want to keep our journalism open and accessible to all. Support The Guardian

For some Optus customers, this may include your Medicare card number if you've used it to prove your identity with Optus. Please be assured people can't access ...

You can connect to our RSS feeds with your favourite RSS reader. [how to replace your Medicare card](/medicare-online-account-help-get-replacement-or-extra-medicare-card) online. [replace your Medicare card](/get-new-medicare-card-if-it-expires-or-lost-stolen-or-damaged).

All the government's resources are being thrown at helping protect Australians who had their details stolen in the Optus data breach, says Health Minister ...

it shouldn't be the commonwealth government or any other government that is bearing the cost of what is at its heart ... Optus says it has sent email or SMS messages to customers whose details were compromised and apologised for the concern it has caused. They said the Department of Foreign Affairs was advising on its website that "if you choose to replace your passport you'll have to pay" as the department was not responsible for the data breach. a stuff up by Optus," he told Sky News. "Victims of the Optus cyber hack should not have to wait or pay significant amounts of fees to secure their personal information, and obtain a new passport," the statement reads. In a joint statement, opposition foreign affairs spokesman Simon Birmingham and opposition cyber security spokesman James Paterson said it "wasn't good enough" affected customers had to foot the bill for the telco's mistake.

Calls are growing for the federal government to waive passport fees for Optus data breach victims, as states rally to change driver's licence numbers.

Advertisement

1News is aware of at least 10 New Zealand passports exposed in the breach.

[IDCARE website ](https://www.idcare.org/)and stay up to date with the information Optus is providing on their [website](https://www.optus.com.au/about/media-centre/media-releases/2022/09/optus-notifies-customers-of-cyberattack). The New Zealand Department of Internal Affairs says it encourages people who are affected to check the advice on the New Zealand’s Department of Internal Affairs says it’s working with Optus to understand the impact for New Zealand Passport holders but says its passport systems have not been breached. He said that while it’s not up to New Zealand’s Department of Internal Affairs to offer replacement passports, he’d like to see Optus cover the cost. The company has previously warned that up to 9.8 million customers could’ve had their data exposed in the breach in the “worst case scenario”. Telecommunications company Optus has been caught up in one of Australia’s biggest cyberattacks, and the ramifications are significant.

Initial reports suggest a basic security error allowed the attacker to access the company's live customer database via an unauthenticated API.

"Clearly, the Australian government has taken this breach very seriously and is going after the attacker voraciously," Fisher adds. The [Australian Federal Police](https://www.afp.gov.au/news-media/media-releases/afp-working-overseas-law-enforcement-optus-breach), which is investigating the Optus breach, said it was working with overseas law enforcement to track down the individual or group responsible for it. Casey Ellis, founder and CTO of bug bounty firm Bugcrowd, says the intense scrutiny the breach has received from the Australian government, public, and law enforcement may have spooked the attacker. "It's fairly rare for this type of interaction to be as spectacular as this one has been," he says. If the report about the exposed API is true, Optus was the victim of a security mistake that many others make. The data compromise has put Optus security practices squarely under the spotlight especially because it appears to have resulted from a fundamental error. 21](https://www.optus.com.au/about/media-centre/media-releases/2022/09/optus-notifies-customers-of-cyberattack), and in a series of updates since then has described it as affecting current and previous customers of the company's broadband, mobile, and business customers from 2017 onward. Another survey-based study that Cloudentity conducted last year found [44% of respondents saying their organization had experienced data leakage](https://www.darkreading.com/vulnerabilities-threats/api-security-issues-hinder-application-delivery) and other issues stemming from API security lapses. He notes that unauthenticated APIs occupy the second spot in OWASP's list of the top 10 API security vulnerabilities. But it somehow ended up getting exposed to a test network, which happened to be directly connected to the Internet, ABC quoted the insider as saying. "If you don’t hear from us, it means that your driver’s license doesn’t need to be changed." The threat actor also claimed he or she deleted all the data stolen from Optus.

Australia's banks and financial regulators have met to discuss how they can help protect the almost 10 million...

it shouldn't be the commonwealth government or any other government that is bearing the cost of what is at its heart ... "We want to ... Optus says it has sent emails or SMS messages to customers whose details were compromised and apologised for the concern it has caused. Opposition Leader Peter Dutton said affected customers shouldn't be out of pocket, and called for the government to waive fees, or pay for them and seek to be reimbursed from Optus. Treasurer Jim Chalmers said the government had been "working around the clock" and on Monday he had brought together Treasury, the banks and regulators to address privacy and data retention concerns. Australia's banks and financial regulators have met to discuss how they can help protect the almost 10 million customers whose sensitive details were stolen in the Optus data breach.

Optus executives are paid millions to ensure that, among other things, customer data is safe. These are the people who should be held accountable for the ...

If the Optus data breach happened in the EU, Optus would be facing fines of up to 4% of its global revenue for the past year, about $640m based on If Optus had collected less data from people, and hadn’t held it for as long, it wouldn’t have been quite so vulnerable to leaking the data to anyone. This would help us at least get compensation for the work we now have to do cleaning up the mess made by Optus. Optus positioned itself early on in the crisis as a hapless victim, despite claims in parliament that they had contributed to the breach. Will it compensate them for having to move their children to a new school again? It’s important then that we analyse how Optus has handled this breach so far, and what needs to be done to ensure it doesn’t happen again.

Shares in Optus parent company Singtel have been trading lower since the Optus data hack; It's now reported the hackers have withdrawn their $1 million ...

To get Singtel to comply with its demands, it released 10,000 customer records, and the group said it would publish a total of 40,000 more records on Tuesday if the ransom went unpaid. However, my colleague Brooke notes that the group may be regretting its act of blackmail. The information divulged included dates of birth, names, and potentially details from identification documents such as passports and driver’s licences. [has demanded a $1 million ransom](https://www.fool.com.au/2022/09/27/are-optus-shares-listed-on-the-asx/) not to publish all of the stolen data. [stole personal information](https://www.fool.com.au/2022/09/23/heres-how-asx-telco-shares-are-faring-following-optus-hack/) from 9.8 million Optus customers in the attack. [announcing it had been hacked](https://www.fool.com.au/2022/09/23/heres-how-asx-telco-shares-are-faring-following-optus-hack/).

If you're among the millions of Optus customers worried about your driver's licence details being exposed in the data breach, you may be able to get a free ...

“I was surprised to read a media release from their shadow ministers are saying Labor must provide new passports for Optus victims ... “Passport customers affected by this breach and concerned about identity fraud may choose to replace their passports. You’ll get a new licence card within 10 business days. “Victims of the Optus cyber hack should not have to wait or pay significant amounts of fees to secure their personal information and obtain a new passport,” Liberal senator James Paterson said in a statement. Only the card number changes. In order to organise a new licence, drivers can visit any Service Tasmania Contact Centre, and they will arrange a new licence number and a replacement licence card. The department has asked Optus to repay the cost of new licences to the Victorian Government. If you’re concerned about your licence details and have been notified by Optus that your data has been breached, you can contact VicRoads to request a replacement. “Once your licence number has been changed, a new driver licence card will be produced and posted to you,” Service SA said in a statement on its website. Queenslanders who have been advised by Optus that their ID information has been compromised can get a free, new replacement by the Department of Transport and Main Roads. “While the Queensland Driver Licence is a highly secure identity document, we understand that some customers who have been impacted are concerned and may wish to get a new driver licence number,” a Transport and Main Roads spokesperson said in a statement to SBS News. As to who will pay for the cost, the $29 replacement fee will be charged by Service NSW at the time of application and reimbursement advice will be issued by Optus to customers in the coming days.

Anthony Albanese has declared Optus should be made to pay for new personal documents after the sensitive details...

"We want to ... Advertisement Treasurer Jim Chalmers said the government had been "working around the clock" and on Monday he had brought together Treasury, the banks and regulators to address privacy and data retention concerns. Meanwhile, Australia's banks and financial regulators have met to discuss how they can help protect the almost 10 million customers whose sensitive details were stolen in the Optus data breach. The prime minister told parliament on Wednesday the hack had caused millions of Australians "stress and worry", while lashing the coalition for calling on the government to cover the costs of issuing passports. Anthony Albanese has declared Optus should be made to pay for new personal documents after the sensitive details of almost 10 million customers were stolen in a data breach.

Safe to say, millions of personal information records were compromised last week by a malicious actor and the facts surrounding the incident and liability of ...

The information in this article is of a general nature and is not intended to address the circumstances of any particular individual or entity. Even if there is no breach of the Privacy Act, individuals may make a complaint and if their personal information held by Optus has been accessed by any unauthorised entity, they may be successful in claiming certain damage or loss. If a breach of an APP was found, it would still need to be serious or repeated to lead to financial penalties. A malicious actor can employ sophisticated tactics to gain unauthorised access to personal information, and there might not have been anything an organisation could do about it with the reasonable security measures it had in place. Australian Privacy Principle (APP) 11 requires an organisation that is subject to the Privacy Act to take reasonable steps to protect personal information it holds from misuse, interference and loss, and from unauthorised access. Many people would not realise that a company whose database is hacked is not automatically in breach of the law.