Home  ⁄  Articles  ⁄  Hacker claiming Optus attack apologises in new online post as it is revealed Medicare numbers part of breach – By Raffaella Ciccarelli Adam Vidler

Hacker claiming Optus attack apologises in new online post as it is revealed Medicare numbers part of breach – By Raffaella Ciccarelli Adam Vidler

Sep 27, 2022 Posted by In Articles Tagged , ,

Hacker claiming Optus attack apologises in new online post as it is revealed Medicare numbers part of breach – By Raffaella Ciccarelli Adam Vidler

Source9news

An anonymous online account claiming to be behind the Optus cyber attack has bizarrely apologised for the hack, pledging not to make public the information of almost 10 million Australian customers.
Hours earlier several cybersecurity experts flagged a post by the same anonymous account in which it claimed to have already publicly released the stolen private information of 10,000 customers.
That post also included a threat to release more batches each day for the next four days unless demands are met.

However, hours later, the same poster followed up with an apology to the people affected by the leak and a claim to have deleted all the stolen data.
“Too many eyes. We will not sale (sic) data to anyone,” the poster wrote.
“We cant (sic) if we even want to: personally deleted data from drive (Only copy).”
The poster said no ransom for the data had been paid.
hack massege

The follow up post from an anonymous account claiming responsibility for the Optus hack, in which it apologises for the attack. (Supplied)

The online messaging comes as Home Affairs Minister Clare O’Neil lashes Optus after it was reported Medicare numbers were among the personal information lost in last week’s major data breach.
“Medicare numbers were never advised to form part of compromised information from the breach,” O’Neil said.
“Consumers have a right to know exactly what individual personal information has been compromised in Optus’ communications to them. Reports today make this a priority.”

Hack was not ‘sophisticated’

Callow told Today that based on the information he had received, the hack did not seem sophisticated and could have possibly been done by a single young person.

“On the basis of what has been said so far and the rumours that are circulating, it wouldn’t sound as though this was a sophisticated hack,” Callow said.

“It would sound like something potentially a high school kid could’ve pulled off.

“That’s not unusual. Young people have been responsible for some of the biggest hacks of recent times.”
brett-callow.

Brett Callow, Threat Analyst at Emsisoft, said a high school student could have potentially of conducted the Optus cyber attack. (Today)

Callow said not a lot can be done to protect the information unless the perpetrator is apprehended, which he admits is “easier said than done”.
“If it was easy to track down hackers, there would be no hackers,” he said.
He added the motive of the hacker is “pure and simple”; it comes down to money.
A self-declared “evil genius” claiming responsibility for the hack has allegedly demanded A$1.5 million in ransom money from Optus.
personal-details

The personal details of nearly 10,000 Optus customers – past and present – were accessed by a cyber hacker and are now being held to ransom.. (AAP)

“They are looking to score a big payday,” Callow said.

“This has become more and more of an issue in recent years.

“People are weaponising companies’ customers. They are stealing their data, and in some cases, they are actually contacting the people to which the data relates.”
hackers

A self-declared ‘evil genius’ claiming responsibility for the hack has allegedly demanded A$1.5 million in ransom money from Optus. (Getty Images/iStockphoto)

Customers ‘violated’ by hack

An estimated 9.8 million customers’ details are believed to have been compromised in the breach, which came on the National Day of Mourning last week.
Beth Snape, one of the millions caught up in the hack, said she feels “violated”.
beth-snap.png

Beth Snape received a letter from Optus revealing her details had been compromised. (Today)

“It doesn’t leave me feeling very well,” she said, revealing she’s a silent voter because of the job she does.
“We received a letter to say we’ve been compromised.
“It’s a real concern for from my point of view. I’m trying to protect my own family and had security measures in place for that and it seems to be compromised now.
“I don’t know how we can protect everybody. I really don’t know.
“I’m at a loss to know what to do.”
In a letter sent to customers days after the attack, Optus revealed the information exposed includes: names, date of births, emails, phone numbers, addresses, and numbers of ID documents – such as drivers licence numbers or passport numbers.
letter

Email to customer about the Optus cyberattack. (Supplied)

“No copies of photo IDs have been affected,” Optus added.
Customers are urged to watch out for suspicious activity across online accounts, and to be weary of any calls, emails or texts from potential scammers.
“Never click on any links that look suspicious and never provide your passwords, or any personal or financial information,” the company said.
Customers are also urged to change their passwords, and implement two-factor authentication on all accounts.
The company yesterday pledged to offer free credit monitoring to its “most affected” customers, following a call to action by Home Affairs Minister Clare O’Neil.
“Optus is offering the most affected current and former customers whose information was compromised because of a cyberattack the option to take up a 12-month subscription to Equifax Protect at no cost,” it said in a statement.
“Equifax Protect is a credit monitoring and identity protection service that can help reduce the risk of identity theft.
“The most affected customers will be receiving direct communications from Optus over the coming days on how to start their subscription at no cost. Please note that no communications from Optus relating to this incident will include any links as we recognise there are criminals who will be using this incident to conduct phishing scams.”
The statement does not, however, say what constitutes a “most affected customer”.
sequre

Optus customers are advised to take a number of steps to protect their identity online. (Graphic: Channing Young)

Comments are closed.