Optus

2022 - 9 - 28


Optus data leak: Online account claiming to be behind breach ... (RNZ)

The account apologised to 10200 Australians whose records it claimed to have leaked just hours earlier.

"Any Victorian affected by the data breach can replace their licence by contacting VicRoads through www.vicroads.vic.gov.au/optusbreach," a Department of Transport spokesperson said. The ACT government in a statement said it was engaging with Optus and the federal government to assess the scope of information that may be compromised, to what extent it had affected residents, and to inform any further steps to protect those affected. Reports today make this a priority," Ms O'Neil said. "The cost to replace your driver licence is $29 and will be charged by Service NSW at the time of application - reimbursement advice will be issued by Optus to customers in the coming days," he wrote. "We will request Optus repays the cost of the new licences to the Victorian government." Asked about a post last week by a user claiming to be selling the data, she said: "We have seen that there is a post like that on the dark web and the Australian Federal Police is all over that."


Alleged Optus Hacker Apologizes, Deletes Customers' Exposed Data (Infosecurity Magazine)

However, the alleged hacker also apologized to 10,000 Australian individuals whose data had been leaked. "Australia will see no gain in fraud; this can be ...

Very sorry to you." "The AFP is gathering crucial evidence from the breach of Optus data and is working closely with overseas law enforcement to identify the offenders behind this attack," the AFP wrote in a "Australia will see no gain in fraud; this can be monitored. "Operation Hurricane has been launched to identify the criminals behind the alleged breach and to help shield Australians from identity fraud." We will not [sell] data to anyone. The post comes hours after the attorney general, Mark Dreyfus, confirmed that the Federal Bureau of Investigation in the US was assisting the Australian Federal Police's (AFP) operation in discovering who might have accessed the data and who was attempting to sell it.


Alleged Optus hacker apologises for data breach and drops ransom ... (The Guardian)

Online account claims it published records of 10000 customers and threatened to release more before change of heart.

It is understood that no money was transferred into the account between the SMS being sent and CBA blocking it. We can’t if we even want to: personally deleted data from drive (Only copy),” they said in a new post. Optus said no ransom has been paid. The text leak contained names, dates of birth, email addresses, driver’s licence numbers, passport numbers, Medicare numbers, phone numbers and address information. The Commonwealth Bank of Australia (CBA) said on Tuesday it had blocked an account referenced in an SMS message designed to extort $2,000 from victims of the Optus data breach. We will not sale [sic] data to anyone.


Optus to pay for licence replacements (South Coast Register)

Australians caught up in a massive breach of Optus data will be able to change their driver's licence numbers and get new cards, with the telco expected to ...

We will not sale (sic) data to anyone. They said in a statement it was "not good enough" for the Department of Foreign Affairs to advise on its website that "if you choose to replace your passport you'll have to pay" as the department was not responsible for the data breach. We cant if we even want to: personally deleted data from drive (Only copy)," the group said on Tuesday. "The government isn't responsible for Optus and their data breach, but they're sure as hell responsible for coordinating a response," he said. "We will request Optus repays the cost of the new licences to the Victorian government," a spokesperson for the state's Transport department said. Australians caught up in a massive breach of Optus data will be able to change their driver's licence numbers and get new cards, with the telco expected to bear the multi-million cost of changeover.


Optus, Australian government clash over massive data breach (Aljazeera.com)

Canberra claims the No 2 telecom 'effectively left the window open' to hackers.

Minister For Cyber Security Clare O’Neil said she was “incredibly concerned … She added that most customers understand that “we are not the villains” and that the company had not deliberately done anything to put data at risk. The Australian federal government has blamed Optus for the breach, suggested the company had “effectively left the window open” for hackers to steal data, and flagged an overhaul of privacy rules and higher fines.


Sophisticated attack or human error?: how Optus lost control of your ... (The Guardian)

Reporter Josh Taylor and Jane Lee discuss whether the Optus data breach was a 'sophisticated attack' on the telco, or a failure of the company's own ...



What to do if you've been affected by the recent Optus data breach (Services Australia)

For some Optus customers, this may include your Medicare card number if you've used it to prove your identity with Optus. Please be assured people can't access ...

[how to replace your Medicare card](/medicare-online-account-help-get-replacement-or-extra-medicare-card) online. [replace your Medicare card](/get-new-medicare-card-if-it-expires-or-lost-stolen-or-damaged).


Gov to protect consumers in Optus breach (South Coast Register)

All the government's resources are being thrown at helping protect Australians who had their details stolen in the Optus data breach, says Health Minister ...

it shouldn't be the commonwealth government or any other government that is bearing the cost of what is at its heart ... Optus says it has sent email or SMS messages to customers whose details were compromised and apologised for the concern it has caused. They said the Department of Foreign Affairs was advising on its website that "if you choose to replace your passport you'll have to pay" as the department was not responsible for the data breach. a stuff up by Optus," he told Sky News. "Victims of the Optus cyber hack should not have to wait or pay significant amounts of fees to secure their personal information, and obtain a new passport," the statement reads. In a joint statement, opposition foreign affairs spokesman Simon Birmingham and opposition cyber security spokesman James Paterson said it "wasn't good enough" affected customers had to foot the bill for the telco's mistake.


Optus victims: Passport fees must be waived, coalition calls for help (South Coast Register)

Calls are growing for the federal government to waive passport fees for Optus data breach victims, as states rally to change driver's licence numbers.



Opinion: It's time for Optus to cough up the cash for NZ victims (1 News)

1News is aware of at least 10 New Zealand passports exposed in the breach.

[IDCARE website](https://www.idcare.org/) and stay up to date with the information Optus is providing on their [website](https://www.optus.com.au/about/media-centre/media-releases/2022/09/optus-notifies-customers-of-cyberattack). The New Zealand Department of Internal Affairs says it encourages people who are affected to check the advice on the New Zealand’s Department of Internal Affairs says it’s working with Optus to understand the impact for New Zealand Passport holders but says its passport systems have not been breached. He said that while it’s not up to New Zealand’s Department of Internal Affairs to offer replacement passports, he’d like to see Optus cover the cost. The company has previously warned that up to 9.8 million customers could’ve had their data exposed in the breach in the “worst case scenario”. Telecommunications company Optus has been caught up in one of Australia’s biggest cyberattacks, and the ramifications are significant.


FBI Helping Australian Authorities Investigate Massive Optus Data ... (Dark Reading)

Initial reports suggest a basic security error allowed the attacker to access the company's live customer database via an unauthenticated API.

"Clearly, the Australian government has taken this breach very seriously and is going after the attacker voraciously," Fisher adds. The [Australian Federal Police](https://www.afp.gov.au/news-media/media-releases/afp-working-overseas-law-enforcement-optus-breach), which is investigating the Optus breach, said it was working with overseas law enforcement to track down the individual or group responsible for it. Casey Ellis, founder and CTO of bug bounty firm Bugcrowd, says the intense scrutiny the breach has received from the Australian government, public, and law enforcement may have spooked the attacker. "It's fairly rare for this type of interaction to be as spectacular as this one has been," he says. If the report about the exposed API is true, Optus was the victim of a security mistake that many others make. The data compromise has put Optus security practices squarely under the spotlight especially because it appears to have resulted from a fundamental error. 21](https://www.optus.com.au/about/media-centre/media-releases/2022/09/optus-notifies-customers-of-cyberattack), and in a series of updates since then has described it as affecting current and previous customers of the company's broadband, mobile, and business customers from 2017 onward. Another survey-based study that Cloudentity conducted last year found [44% of respondents saying their organization had experienced data leakage](https://www.darkreading.com/vulnerabilities-threats/api-security-issues-hinder-application-delivery) and other issues stemming from API security lapses. He notes that unauthenticated APIs occupy the second spot in OWASP's list of the top 10 API security vulnerabilities. But it somehow ended up getting exposed to a test network, which happened to be directly connected to the Internet, ABC quoted the insider as saying. "If you don’t hear from us, it means that your driver’s license doesn’t need to be changed." 
The threat actor also claimed he or she deleted all the data stolen from Optus.

Banks, regulators to stem Optus fallout (South Coast Register)

Australia's banks and financial regulators have met to discuss how they can help protect the almost 10 million...

it shouldn't be the commonwealth government or any other government that is bearing the cost of what is at its heart ... "We want to ... Optus says it has sent emails or SMS messages to customers whose details were compromised and apologised for the concern it has caused. Opposition Leader Peter Dutton said affected customers shouldn't be out of pocket, and called for the government to waive fees, or pay for them and seek to be reimbursed from Optus. Treasurer Jim Chalmers said the government had been "working around the clock" and on Monday he had brought together Treasury, the banks and regulators to address privacy and data retention concerns. Australia's banks and financial regulators have met to discuss how they can help protect the almost 10 million customers whose sensitive details were stolen in the Optus data breach.


Optus customers, not the company, are the real victims of massive ... (The Guardian)

Optus executives are paid millions to ensure that, among other things, customer data is safe. These are the people who should be held accountable for the ...

If the Optus data breach happened in the EU, Optus would be facing fines of up to 4% of its global revenue for the past year, about $640m based on If Optus had collected less data from people, and hadn’t held it for as long, it wouldn’t have been quite so vulnerable to leaking the data to anyone. This would help us at least get compensation for the work we now have to do cleaning up the mess made by Optus. Optus positioned itself early on in the crisis as a hapless victim, despite claims in parliament that they had contributed to the breach. Will it compensate them for having to move their children to a new school again? It’s important then that we analyse how Optus has handled this breach so far, and what needs to be done to ensure it doesn’t happen again.


How has the Singtel share price responded to the Optus data breach? (Motley Fool Australia)

Shares in Optus parent company Singtel have been trading lower since the Optus data hack; It's now reported the hackers have withdrawn their $1 million ...

To get Singtel to comply with its demands, it released 10,000 customer records, and the group said it would publish a total of 40,000 more records on Tuesday if the ransom went unpaid. However, my colleague Brooke notes that the group may be regretting its act of blackmail. The information divulged included dates of birth, names, and potentially details from identification documents such as passports and driver’s licences. [has demanded a $1 million ransom](https://www.fool.com.au/2022/09/27/are-optus-shares-listed-on-the-asx/) not to publish all of the stolen data. [stole personal information](https://www.fool.com.au/2022/09/23/heres-how-asx-telco-shares-are-faring-following-optus-hack/) from 9.8 million Optus customers in the attack. [announcing it had been hacked](https://www.fool.com.au/2022/09/23/heres-how-asx-telco-shares-are-faring-following-optus-hack/).


Optus data breach: What to do about replacing your driver's licence ... (SBS)

If you're among the millions of Optus customers worried about your driver's licence details being exposed in the data breach, you may be able to get a free ...

“I was surprised to read a media release from their shadow ministers are saying Labor must provide new passports for Optus victims ... “Passport customers affected by this breach and concerned about identity fraud may choose to replace their passports. You’ll get a new licence card within 10 business days. “Victims of the Optus cyber hack should not have to wait or pay significant amounts of fees to secure their personal information and obtain a new passport,” Liberal senator James Paterson said in a statement. Only the card number changes. In order to organise a new licence, drivers can visit any Service Tasmania Contact Centre, and they will arrange a new licence number and a replacement licence card. The department has asked Optus to repay the cost of new licences to the Victorian Government. If you’re concerned about your licence details and have been notified by Optus that your data has been breached, you can contact VicRoads to request a replacement. “Once your licence number has been changed, a new driver licence card will be produced and posted to you,” Service SA said in a statement on its website. Queenslanders who have been advised by Optus that their ID information has been compromised can get a free, new replacement by the Department of Transport and Main Roads. “While the Queensland Driver Licence is a highly secure identity document, we understand that some customers who have been impacted are concerned and may wish to get a new driver licence number,” a Transport and Main Roads spokesperson said in a statement to SBS News. As to who will pay for the cost, the $29 replacement fee will be charged by Service NSW at the time of application and reimbursement advice will be issued by Optus to customers in the coming days.


Optus should pay for passports: PM (South Coast Register)

Anthony Albanese has declared Optus should be made to pay for new personal documents after the sensitive details...

"We want to ... Treasurer Jim Chalmers said the government had been "working around the clock" and on Monday he had brought together Treasury, the banks and regulators to address privacy and data retention concerns. Meanwhile, Australia's banks and financial regulators have met to discuss how they can help protect the almost 10 million customers whose sensitive details were stolen in the Optus data breach. The prime minister told parliament on Wednesday the hack had caused millions of Australians "stress and worry", while lashing the coalition for calling on the government to cover the costs of issuing passports. Anthony Albanese has declared Optus should be made to pay for new personal documents after the sensitive details of almost 10 million customers were stolen in a data breach.


Optus: When does a data breach lead to a breach of law? (Holding Redlich)

Safe to say, millions of personal information records were compromised last week by a malicious actor and the facts surrounding the incident and liability of ...

The information in this article is of a general nature and is not intended to address the circumstances of any particular individual or entity. Even if there is no breach of the Privacy Act, individuals may make a complaint and if their personal information held by Optus has been accessed by any unauthorised entity, they may be successful in claiming certain damage or loss. If a breach of an APP was found, it would still need to be serious or repeated to lead to financial penalties. A malicious actor can employ sophisticated tactics to gain unauthorised access to personal information, and there might not have been anything an organisation could do about it with the reasonable security measures it had in place. Australian Privacy Principle (APP) 11 requires an organisation that is subject to the Privacy Act to take reasonable steps to protect personal information it holds from misuse, interference and loss, and from unauthorised access. Many people would not realise that a company whose database is hacked is not automatically in breach of the law.


CBA customers target of Optus SMS scam (iTnews)

Federal government remains critical of telco; Service NSW crashes. The Commonwealth Bank is working with the Australian Federal Police and other government ...

Consumers have also got a right to know exactly what individual personal information has been compromised in Optus's communications to them.” If customers notice any unusual transactions or activity with their banking services they should contact us immediately.” In its customer communications, the bank said it “heightened our ID theft monitoring”, and its teams “have relationships with several cyber security industry groups and will continue to monitor all channels for any data and will only update you through our channels”. “We continue to work closely with the Australian Federal Police and other investigative, government and regulatory authorities to limit the impact of any fraud and scams resulting from the events over the past few days,” the bank said. In a statement from the bank, CBA said it “has become aware” of the circulating SMS and has “identified and blocked this account”. The scam text message said “Optus has left security measures allowing us to access the personal information of their customers” before threatening to release further personal information unless a payment of $2000 was paid into a CBA account.


Optus data breach updates LIVE: Albanese demands Optus pay for ... (The Australian Financial Review)

That's it for today. Here's a summary of the day's events: Prime Minister Anthony Albanese revealed the government had written to Optus requesting the telco ...

After the motion is referred to the Federation Chamber, question time will begin. Ministers are required to divest shareholdings in any public or private companies. Michael Read
