Optus attackers publish and then delete data

Image by Freepik

An alleged attacker, seeking a ransom payment from Optus in exchange for millions of customer records, published 10,000 records online before retracting the threat and deleting all demands.

Optus, one of Australia’s top mobile operators, revealed last week that the personally identifiable information (PII) of approximately 10 million customers, including home addresses, driver’s licenses and passport numbers, had been compromised.

Recently, in an online forum, the attackers said they had deleted the data due to “too many eyes,” were withdrawing their ransom demand and were sorry for having already leaked data of 10,200 Australians.

Jeremy Kirk, a cybersecurity researcher and writer who said he had been in contact with the purported attacker, tweeted that it was unclear why they changed their mind, but “this doesn’t change the risk for anyone exposed,” according to Reuters.

Optus and the Australian Federal Police, which have been working with the Federal Bureau of Investigation and international law enforcement agencies to investigate the cyberattack, declined to comment on whether they believed the account holders were behind the breach, Reuters reports.

The Australian federal government has blamed Optus and suggested that the company had “effectively left the window open” for attackers to steal data. However, Optus Chief Executive Kelly Bayer Rosmarin said that the company took data protection seriously. “Given we’re not allowed to say much because the police have asked us not to, what I can say … is that our data was encrypted and we had multiple players of protection,” Bayer Rosmarin told ABC Radio, adding that most customers understand that “we are not the villains.” She noted that the company did not do anything deliberately to put data at risk.

Casey Ellis, Founder and CTO at Bugcrowd, says, “As someone who hails from this part of the world, the Optus breach is incredibly impactful. There are more than 10 million records involved, and Australia has a population of 24 million. Therefore, we’re getting close to half of the entire population getting caught up in a data breach. We don’t know very much about the breach yet, but it’s definitely alarming. What’s going to happen next in terms of the impact and the roll-down consequence of the breach? It’s still to be determined. I think it is still in burn mode right now.”

According to Ellis, there’s a collaboration happening regarding threat actor attribution, identification of the breach, and more, between Optus and the Australian intelligence community. “And generally when these things get kicked off, there’s a sensitivity to that process and a lot of caution applied to releasing details,” Ellis says. “I think we will find out over time.”

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.